Full Disclosure mailing list archives
Re: linux procfs vulnerablity
From: "GroundZero Security" <fd () g-0 org>
Date: Sat, 24 Dec 2005 16:55:55 +0100
Hi! I tested this bug and it is fact that indeed kernel memory can be leaked. This leads to privilege escalation as the encrypted root password is in there. It could be cracked with john. In the log is more information that could lead to a full system compromise. Nice bug and not hard to code :-)

-sk
http://www.groundzero-security.com

----- Original Message -----
From: "Karl Janmar" <karl () utopiafoundation org>
To: "coderman" <coderman () gmail com>
Cc: <full-disclosure () lists grok org uk>
Sent: Saturday, December 24, 2005 6:00 AM
Subject: Re: [Full-disclosure] linux procfs vulnerablity

The arch is x86 and I ignore the rest of your comments, maybe you have to think a little more?

- karl

coderman wrote:
> On 12/23/05, Karl Janmar <karl () utopiafoundation org> wrote:
>> ...
>> I have found one flaw in Linux procfs code that makes the kernel disclose memory.
>
> i'd love to see you exploit this! rly!
>
>> fs/proc/proc_misc.c:74
>> ...
>> if (len <= off+count) *eof = 1;
>> ...
>> off is an off_t and count is an int.
>
> what arch? on intel assign a s32 to int? the sky is falling...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
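An added illustration, not code from this thread or from the kernel: the quoted comparison `len <= off+count` modelled with 32-bit signed operands, next to a window check that never forms the sum. The helper names are hypothetical, the input values are constructed, and the 32-bit widths for `off_t` and `int` are an assumption based on the x86 architecture named in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit x86, where off_t and int are both 32-bit signed. */
typedef int32_t off32_t;

/* off + count as a 32-bit machine produces it (wraps modulo 2^32). Unsigned
 * arithmetic is used because signed overflow is undefined behaviour in C;
 * the cast back wraps on GCC and Clang. */
static int32_t wrapping_add32(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* The comparison in the shape quoted in the thread: len <= off + count. */
int naive_reaches_end(int len, off32_t off, int count)
{
    return len <= wrapping_add32(off, count);
}

/* Hypothetical hardened helper: bytes that may be copied from a len-byte
 * buffer for a request (off, count), never forming off + count. */
int checked_window(int len, off32_t off, int count, int *eof)
{
    *eof = 0;
    if (len < 0 || off < 0 || count < 0)
        return 0;                 /* negative input: refuse the request */
    if (off >= len) {
        *eof = 1;                 /* offset is at or past the end */
        return 0;
    }
    int remaining = len - off;    /* 0 < remaining <= len, cannot overflow */
    if (count >= remaining) {     /* same meaning as len <= off + count */
        *eof = 1;
        return remaining;
    }
    return count;
}

int main(void)
{
    int eof;
    off32_t big = INT32_MAX - 10; /* constructed offset near the type limit */
    printf("naive:   reaches_end=%d\n", naive_reaches_end(100, big, 100));
    int n = checked_window(100, big, 100, &eof);
    printf("checked: n=%d eof=%d\n", n, eof);
    return 0;
}
```

With the constructed offset near `INT32_MAX`, the summed form wraps negative and reports that the end has not been reached, while the subtraction form reports end-of-data and copies nothing.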
Current thread:
- linux procfs vulnerablity Karl Janmar (Dec 23)
- Re: linux procfs vulnerablity coderman (Dec 23)
- Re: linux procfs vulnerablity Karl Janmar (Dec 24)
- Re: linux procfs vulnerablity GroundZero Security (Dec 24)
- Re: linux procfs vulnerablity Karl Janmar (Dec 24)
- Re: linux procfs vulnerablity coderman (Dec 23)