Full Disclosure mailing list archives
remote kernel exploits?
From: memetic-engineer () australia edu (memetic-engineer () australia edu)
Date: Sun, 08 Sep 2002 19:34:43 -0800
- - Given the skill required to craft such an exploit, I'd think it would be way out of the grasp of the kids. Since no researcher has come forth with such a vulnerability, it's logical to conclude that this does not exist. The bugs are said to have something to do with integer manipulation in the kernels' TCP/IP stacks. That's all he was able to offer me, but was very forward in saying that he has full confidence based on conversations with others that these bugs do indeed exist.
I would hope so. Unsigned integer manipulation | TCP/IP steganography is not a new idea. Does this look familiar?

#phrend 1
18:50:29.071117 ryan.blueboar.com.7350 > poor.theo.com.www: S 1207959552:1207959552(0) win 512 (ttl 64, id 49408)
Decoding:... S 1207959552/16777216 [ASCII: 72(H)]

#phrend 2
18:50:30.071117 ryan.blueboar.com.7351 > poor.theo.com.www: S 1157627904:1157627904(0) win 512 (ttl 64, id 47616)
Decoding:... S 1157627904/16777216 [ASCII: 69(E)]

#phrend 3
18:50:31.071117 ryan.blueboar.com.7353 > poor.theo.com.www: S 1275068416:1275068416(0) win 512 (ttl 64, id 41984)
Decoding:... S 1275068416/16777216 [ASCII: 76(L)]

#phrend 4
18:50:32.071117 ryan.blueboar.com.7354 > poor.theo.com.www: S 1275068416:1275068416(0) win 512 (ttl 64, id 7936)
Decoding:... S 1275068416/16777216 [ASCII: 76(L)]

#phrend 5
18:50:33.071117 ryan.blueboar.com.7355 > poor.theo.com.www: S 1325400064:1325400064(0) win 512 (ttl 64, id 3072)
Decoding:... S 1325400064/16777216 [ASCII: 79(O)]

#phrend 6
18:50:34.071117 ryan.blueboar.com.7356 > poor.theo.com.www: S 167772160:167772160(0) win 512 (ttl 64, id 54528)
Decoding:... S 167772160/16777216 [ASCII: 10(Carriage Return)]

4,294,967,296 numbers can be stored in a 32 bit address space. Sequence number is a nice place to hide data. I'm sure some clever katz have made improvements on this and other techniques. Who knows though. I could be way off base.
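A defender-side check for the pattern shown in the message above, as an added example that is not part of the original post: it parses tcpdump SYN lines in the format quoted there, flags initial sequence numbers that are exact multiples of 16777216 (low 24 bits all zero), and decodes the high byte per source/destination pair. The sample capture is constructed from the quoted lines plus one constructed ordinary SYN; the function names and the `min_hits` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the six SYNs quoted in the message, plus one constructed
# ordinary SYN (last line) whose ISN is not a multiple of 2**24.
SAMPLE = """\
18:50:29.071117 ryan.blueboar.com.7350 > poor.theo.com.www: S 1207959552:1207959552(0) win 512 (ttl 64, id 49408)
18:50:30.071117 ryan.blueboar.com.7351 > poor.theo.com.www: S 1157627904:1157627904(0) win 512 (ttl 64, id 47616)
18:50:31.071117 ryan.blueboar.com.7353 > poor.theo.com.www: S 1275068416:1275068416(0) win 512 (ttl 64, id 41984)
18:50:32.071117 ryan.blueboar.com.7354 > poor.theo.com.www: S 1275068416:1275068416(0) win 512 (ttl 64, id 7936)
18:50:33.071117 ryan.blueboar.com.7355 > poor.theo.com.www: S 1325400064:1325400064(0) win 512 (ttl 64, id 3072)
18:50:34.071117 ryan.blueboar.com.7356 > poor.theo.com.www: S 167772160:167772160(0) win 512 (ttl 64, id 54528)
18:50:35.104522 host-a.example.net.40312 > poor.theo.com.www: S 2874519338:2874519338(0) win 5840 (ttl 64, id 1201)
"""

# timestamp, src host.port, dst host.port, then "S isn:isn(0)" for a bare SYN
SYN_RE = re.compile(
    r"^\S+ (?P<src>\S+)\.\d+ > (?P<dst>\S+)\.[\w-]+: S (?P<isn>\d+):\d+\(0\)"
)
LOW24 = (1 << 24) - 1  # 16777216 - 1


def suspicious_syns(text):
    """Map (src, dst) -> list of ISN high bytes for SYNs whose low 24 bits are 0.

    A randomly chosen 32-bit ISN has this property with probability 2**-24,
    so repeated hits from one source are a strong signal.
    """
    flows = defaultdict(list)
    for line in text.splitlines():
        m = SYN_RE.match(line.strip())
        if m is None:
            continue  # not a SYN line in the expected format
        isn = int(m["isn"])
        if isn & LOW24 == 0:
            flows[(m["src"], m["dst"])].append(isn >> 24)
    return dict(flows)


def report(text, min_hits=3):
    """Decode the high bytes of every flow with at least min_hits flagged SYNs."""
    return {
        flow: bytes(vals).decode("latin-1")
        for flow, vals in suspicious_syns(text).items()
        if len(vals) >= min_hits
    }


if __name__ == "__main__":
    for (src, dst), payload in report(SAMPLE).items():
        print(f"{src} -> {dst}: {payload!r}")
```
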