Dailydave mailing list archives
Re: Denial of Service?
From: don bailey <don.bailey () gmail com>
Date: Mon, 01 Dec 2008 11:12:28 -0700
Dave Aitel wrote:
> Reading through today's list of kernel bugs from Ubuntu I noticed a lot of "denial of services". Are these really denial of services? Can we get an exploitability index explanation for these? :>
I've noticed a fairly strong trend over the past couple years for organizations to quickly classify kernel bugs as "denial of service" vulnerabilities. I've found the reason behind this isn't so much due to research proving that these bugs can only elicit a DoS, but due to a lack of due diligence or skill on the part of the researcher. Though I'm sure many of these analysts are skilled individuals, many times bugs are misclassified due to vectors not investigated. The NULL page technique is one such misstep.

While I have not investigated these particular bugs, one would conjecture that the ability to remap a driver's memory page(s) would lead to more than a simple crash of the kernel. After researching several recent "zero day" bugs in Linux file system code, I'd suspect that the HFS+ bug can do more than crash the system as well. The SCM_RIGHTS bug sounds suspiciously like something a page injection strategy might be perfect for, though the researcher that analyzed the i2c driver seems to have considered NULL page injection.

I think it's all in the flavor of the researcher you're dealing with since there's no real protocol or template for auditing code. I'm sure many of your readers can agree that while this may give those with a bit of knowledge the edge, it leaves the general public often misinformed when it comes to who to trust with their 10,000+ line code audit.

D