Full Disclosure mailing list archives
Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
From: Paul Starzetz <ihaquer () isec pl>
Date: Tue, 2 Dec 2003 18:20:21 +0100 (CET)
On Tue, 2 Dec 2003, Florian Weimer wrote:
The debian announcement only says that by the time that this bug was discovered, it was too late already for the 2.4.22 kernel release.Another cre^Wgroup of researches publicly claimed that they had discovered this issue and that their exploit might have leaked to the underground. The report might be phoney, or it could reflect an independent rediscovery.
we discovered the bug at the end of September 2003 and started to study the vulnerability. About 15.10.2003 a first version of a proof-of-concept exploit already existed (nothing clean just run, get root and then crash). Due to the silent fix in the kernel tree (which we discovered while looking at the -rc patches for 2.4.22 to 2.4.23 at the end of November) we believed that 'the others' are convinced that the bug is not exploitable, thus we decided to schedule an article for a security magazine at the end of this year and start a public disclosure. Unfortunately it may be possible that a binary image of the latest exploit code has been leaked outside of iSEC machines... We are preparing a technical paper for the next 30 days. regards Paul Starzetz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [SECURITY] [DSA-403-1] userland can access Linux kernel memory debian-security-announce (Dec 01)
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Florian Weimer (Dec 01)
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Roman Drahtmueller (Dec 02)
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Florian Weimer (Dec 02)
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Paul Starzetz (Dec 02)
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Roman Drahtmueller (Dec 02)
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Cedric Blancher (Dec 02)
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Wojciech Purczynski (Dec 02)
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Florian Weimer (Dec 02)
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory Florian Weimer (Dec 01)