Dailydave mailing list archives

Re: [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable


From: spender () grsecurity net (Brad Spengler)
Date: Mon, 20 Jul 2009 09:36:52 -0400

> I am not sure about the SELinux policy error he used to
> exploit the RHEL 5.? Beta.

It was a default RHEL 5.3 SELinux policy.  The same vulnerability from
the policy exists in Fedora 10 and 11.  I haven't tested anything else,
but I imagine lots more are vulnerable (and it doesn't matter what 
kernel you're running).  There will be a CVE for this vulnerability as 
well.

(Really there should have been a CVE for the lack of 
-fno-delete-null-pointer-checks instead of pretending the only problem 
was /dev/net/tun.  As the commit to add it showed (and at least 10 other 
commits to the kernel this weekend) lots of other code was affected, so 
someone not applying a fix for a CVE mentioning only /dev/net/tun 
because they don't have the code for /dev/net/tun compiled in is going 
to be missing out on a number of fixes.)

-Brad
