Dailydave mailing list archives
Linux recvmmsg privilege escalation exploit
From: Alex McGeorge <alexm () immunityinc com>
Date: Thu, 06 Mar 2014 10:57:51 -0500
Hello List, There's been a lot of public work on the Linux recvmmsg local privilege escalation (CVE-2014-0038) and there are some nice public exploits available for it. Like any consumer though, I've realized the exploit game is really a features race. Our exploit for this bug is quick, like returning shells in under 30 seconds quick. It also doesn't require symbols which makes it more portable. And we've tested it to work on a pretty wide variety of kernels you'll see in the wild powering Ubuntu and other Debian derived distributions. These are the kind of features you want when you rely on this type of software. Like most feature rich software this module was a team effort, in this case our Linux exploit development team :) Check it out in action: http://vimeo.com/88291815 , there are also some useful tips about using this exploit in practice that you'll want to be aware of This exploit is going to be a CANVAS Early Updates exclusive, at least for a little while. More information on CEU can be found: http://www.immunityinc.com/products-early_updates.shtml Cheers, -AlexM _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Linux recvmmsg privilege escalation exploit Alex McGeorge (Mar 06)