Full Disclosure mailing list archives
Re: PaX privilege elevation security bug
From: <cyber_tal0n () hushmail com>
Date: Mon, 7 Mar 2005 11:06:52 -0800
Despite the negative assumptions from Martin Pitt and lack of understanding from the security world as a whole over our OpenSSL <= 0.9.6m vulnerability, tal0n Security will continue to be a respected market leader in the world of Internet Security. You can lead a horse to water but you can't make it drink! Therefore we decided to expand our expertise into the world of kernel development. We at tal0n security were greatly suprised to see no feedback on this thread and decided to help every hacker out there who has wanted to hack grsecurity.net. The vulnerability exists with the pax modifications to mmap.c. tal0n Security wonders what happens if we try to unmap when there is no vma segment? uH oH!?!?! tal0n Security likes to lead horse to free_pgtables to see damage we can make from an unpriviledged proc. tal0n Security can confirm trivial local exploitation of this bug as well as reliable remote exploitation. Our underground network of IRC (Internet Relay Chat) spys also confirm the exploit is in posession of the worlds greatest hacker, divineint. Testbeds include www.grsecurity.net. tal0n Security would like to thank all those who applied for positions in our growing organisation, we are currently processing your applications. Regards, tal0n Security Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- PaX privilege elevation security bug pageexec (Mar 04)
- <Possible follow-ups>
- Re: PaX privilege elevation security bug cyber_tal0n (Mar 07)
- Re: PaX privilege elevation security bug Christophe Devine (Mar 13)