Full Disclosure mailing list archives

Re: Linux kernel exploit


From: Benji <me () b3nji com>
Date: Mon, 13 Dec 2010 21:21:48 +0000

I know in your perfect world nothing could ever break out of a sandbox, but
this just isn't true.

No more coco-pops for you, maybe some brain food!

On Mon, Dec 13, 2010 at 9:19 PM, Cal Leeming [Simplicity Media Ltd] <
cal.leeming () simplicitymedialtd co uk> wrote:


   1. It ran on a one-time server which gets re-generated every time it's
   restarted (which is every time a testing session has finished)
   2. I did a *very* brief look in the code for shell code etc, and based
   on the noise already on the board, there wasn't any risk.
   3. Even if there was dodgy shell code in there, it still would have
   posed no risk, because the sandbox is re-generated every time (see comment
   1)

No more troll feed for you!

On Mon, Dec 13, 2010 at 9:16 PM, Benji <me () b3nji com> wrote:

wait wait wait.

you don't have time to read header notes, but do have time to run code you
don't really know what it does on your system?

can I send you some code? it's a linux 2.6.* 0day, remote root.


On Mon, Dec 13, 2010 at 9:14 PM, Cal Leeming [Simplicity Media Ltd] <
cal.leeming () simplicitymedialtd co uk> wrote:

Sorry Dan, I did a very quick copy and paste job, without reading the
headers. I simply don't have time to read the code notes of every single
exploit released.

I would say that, if you are fed up with being inundated with emails,
then perhaps you should mark these notes very clearly in big red writing
at the top of the email like this, for those people who don't have much
time to read these notes ;)

On Mon, Dec 13, 2010 at 9:08 PM, <dan.j.rosenberg () gmail com> wrote:

Please don't inundate me with e-mail because none of you bothered to
read the exploit header.

The exploit so far has a 100% success rate on the systems it was
designed to work on.

I don't think this is rocket science.  If your distribution does not
compile Econet, then the exploit obviously won't be able to open an Econet
socket.  This includes Arch Linux, Gentoo, Fedora, Red Hat, CentOS,
Slackware, and more.  This doesn't mean you're not vulnerable, it just means
this particular exploit won't work.

If your distro doesn't export the relevant symbols (Debian), ditto
above.

If your distro has patched the Econet vulnerabilities I used to trigger
this (Ubuntu), ditto above.

This was done on purpose, to avoid giving a weaponized exploit to people
who shouldn't have one.

-Dan


Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: "Cal Leeming [Simplicity Media Ltd]"
       <cal.leeming () simplicitymedialtd co uk>
Sender: full-disclosure-bounces () lists grok org uk
Date: Mon, 13 Dec 2010 20:40:45
To: Ariel Biener<ariel () post tau ac il>
Cc: <leandro_lista () portari com br>; <firebits () backtrack com br>; <
bugtraq () securityfocus com>; <full-disclosure () lists grok org uk>
Subject: Re: [Full-disclosure] Linux kernel exploit

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--

Cal Leeming

Operational Security & Support Team

*Out of Hours: *+44 (07534) 971120 | *Support Tickets: *
support () simplicitymedialtd co uk
*Fax: *+44 (02476) 578987 | *Email: *
cal.leeming () simplicitymedialtd co uk
*IM: *AIM / ICQ / MSN / Skype (available upon request)
Simplicity Media Ltd. All rights reserved.
Registered company number 7143564

