Dailydave mailing list archives
linux_pppolt2p privilege escalation
From: Alex McGeorge <alexm () immunityinc com>
Date: Wed, 27 Aug 2014 13:45:20 -0400
Hello to you DD list, The American poet Busta Rhymes wrote "you best come correct", words we try to live by at Immunity and I believe our latest CANVAS measures up to that principle. Immunity's Linux exploit team has released an exploit for CVE-2014-4943 with CANVAS v6.95. The exploit currently targets 32bit and x86_64 support is in the works. What's interesting about this bug is that it goes all the way back to the 3.0 Linux kernel. Which, if you're playing at home, has seen quite a few releases since. Linux kernel security is improving, the environment is changing and as a consequence how you exploit the bug also changes. Some techniques may be available in a subset of kernels but not another. This means you need to be on top of your recon game as a penetration tester. The Linux team has made the exploit as reliable and universal as possible and it certainly is both of those things, but it still requires some sophistication to wield appropriately. We made a video explaining some of the recon suggested and using the exploit in action here: https://vimeo.com/104520979 Cheers, -AlexM
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- linux_pppolt2p privilege escalation Alex McGeorge (Aug 27)