Dailydave mailing list archives

Re: Remote kernel bug in SCTP?


From: sgrakkyu <sgrakkyu () openssl it>
Date: Tue, 28 Apr 2009 03:49:37 +0200

dave wrote:
> Did everyone else already know about this bug? So you connect to an SCTP
> endpoint, then send a packet to overwrite arbitrary kernel data? That'd
> be cool.
>
> This is where Phillipe tells us about his scanner from 2002. :>
>
> -dave


Hi everybody, I saw a stream of mails wondering about this SCTP
issue: some sayin' it's a D.o.S., some others thinking about a local
exploit.
It started as a challenge and it ended up as a lot of fun and a reliable
one-shot remote exploit for Linux SLUB/SLABs.

Here is the link: http://sgrakkyu.antifork.org/sctp_houdini.c
(it covers x86-64 kernels only)

and here is a small blog post I made for it:
http://kernelbof.blogspot.com
More details might be added, if someone is interested.
Hope you'll have at least half of the fun I had in developing it :)

Cheers,

  -sgrakkyu
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

