Full Disclosure mailing list archives

Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory

From: Florian Weimer <fw () deneb enyo de>
Date: Mon, 1 Dec 2003 23:58:25 +0100

debian-security-announce () lists debian org wrote:

Recently multiple servers of the Debian project were compromised using a
Debian developers account and an unknown root exploit. Forensics
revealed a burneye encrypted exploit. Robert van der Meulen managed to
decrypt the binary which revealed a kernel exploit. Study of the exploit
by the RedHat and SuSE kernel and security teams quickly revealed that
the exploit used an integer overflow in the brk system call. Using
this bug it is possible for a userland program to trick the kernel into
giving access to the full kernel address space. This problem was found
in September by Andrew Morton, but unfortunately that was too late for
the 2.4.22 kernel release.


Does this mean that the vendor-sec concept has failed, or that there is
a leak on that list?  Or is this just an issue which is very specific to
Linux and its maintainer situation?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

[SECURITY] [DSA-403-1] userland can access Linux kernel memory debian-security-announce (Dec 01)
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Florian Weimer (Dec 01)
  - Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Roman Drahtmueller (Dec 02)
    - Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Florian Weimer (Dec 02)
    - Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Paul Starzetz (Dec 02)
  - Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Cedric Blancher (Dec 02)
  - Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Wojciech Purczynski (Dec 02)
    - Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Florian Weimer (Dec 02)