Full Disclosure mailing list archives

Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory


From: Paul Starzetz <ihaquer () isec pl>
Date: Tue, 2 Dec 2003 18:20:21 +0100 (CET)

On Tue, 2 Dec 2003, Florian Weimer wrote:

> The debian announcement only says that by the time that this bug was
> discovered, it was too late already for the 2.4.22 kernel release.
>
> Another cre^Wgroup of researchers publicly claimed that they had
> discovered this issue and that their exploit might have leaked to the
> underground.  The report might be phoney, or it could reflect an
> independent rediscovery.

We discovered the bug at the end of September 2003 and started to study
the vulnerability. Around 15.10.2003 a first version of a proof-of-concept
exploit already existed (nothing clean: just run, get root and then crash).

Due to the silent fix in the kernel tree (which we discovered while
looking at the -rc patches for 2.4.22 to 2.4.23 at the end of November) we
believed that 'the others' were convinced that the bug is not exploitable, thus
we decided to schedule an article for a security magazine at the end
of this year and start a public disclosure. Unfortunately it may be
possible that a binary image of the latest exploit code has been leaked
outside of iSEC machines...

We are preparing a technical paper for the next 30 days.

regards

Paul Starzetz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

