Full Disclosure mailing list archives
Re: Linux kernel exploit
From: Benji <me () b3nji com>
Date: Mon, 13 Dec 2010 21:35:58 +0000
it doesnt contribute to testing, i can assure you there's been enough 'tests' of this exploit. On Mon, Dec 13, 2010 at 9:32 PM, Cal Leeming [Simplicity Media Ltd] < cal.leeming () simplicitymedialtd co uk> wrote:
Actually Ryan, I'll think you'll find a lot of people just wanted to contribute towards testing, as most authors will appreciate the masses testing on as many systems as possible. It's not a case of anyone "showing off", it's simply that a lot of people simply don't have time to read the "small print". On Mon, Dec 13, 2010 at 9:27 PM, Ryan Sears <rdsears () mtu edu> wrote:Hey Dan, Freaking THANK YOU first and foremost. I've been waiting for someone to say that for days now, and was just about to myself. Just because everyone and their brother want's to show off that they can compile & run some software (herp a derp, good job) DOESN'T mean they should immediately post it here. I tested it against an OLDER KERNEL on purpose because I actually read the headers and the exploit worked as expected. I knew that this was responsibly disclosed, so it was already patched on any system that I updated. If you don't have the proper symbols, then the exploit doesn't have the proper offsets, and the exploit will fail. Plain and simple. *THEN* there's people who don't even bother to read that "Red Hat does not support Econet by default". DOES NOT. As in the exploit WON'T WORK! It's pathetic that the original exploit dev has to waste his time saying the same thing 5 times. </rant> Ryan Sears ----- Original Message ----- From: "dan j rosenberg" <dan.j.rosenberg () gmail com> To: "Cal Leeming [Simplicity Media Ltd]" < cal.leeming () simplicitymedialtd co uk>, full-disclosure-bounces () lists grok org uk, "Ariel Biener" < ariel () post tau ac il> Cc: "leandro lista" <leandro_lista () portari com br>, firebits () backtrack com br, bugtraq () securityfocus com, full-disclosure () lists grok org uk Sent: Monday, December 13, 2010 4:08:05 PM GMT -05:00 US/Canada Eastern Subject: Re: [Full-disclosure] Linux kernel exploit Please don't inundate me with e-mail because none of you bothered to read the exploit header. The exploit so far has a 100% success rate on the systems it was designed to work on. I don't think this is rocket science. If your distribution does not compile Econet, then the exploit obviously won't be able to open an Econet socket. This includes Arch Linux, Gentoo, Fedora, Red Hat, CentOS, Slackware, and more. This doesn't mean you're not vulnerable, it just means this particular exploit won't work. If your distro doesn't export the relevant symbols (Debian), ditto above. If your distro has patched the Econet vulnerabilities I used to trigger this (Ubuntu), ditto above. This was done on purpose, to avoid giving a weaponized exploit to people who shouldn't have one. -Dan Sent from my Verizon Wireless BlackBerry -----Original Message----- From: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming () simplicitymedialtd co uk> Sender: full-disclosure-bounces () lists grok org uk Date: Mon, 13 Dec 2010 20:40:45 To: Ariel Biener<ariel () post tau ac il> Cc: <leandro_lista () portari com br>; <firebits () backtrack com br>; < bugtraq () securityfocus com>; <full-disclosure () lists grok org uk> Subject: Re: [Full-disclosure] Linux kernel exploit _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- Cal Leeming Operational Security & Support Team *Out of Hours: *+44 (07534) 971120 | *Support Tickets: * support () simplicitymedialtd co uk *Fax: *+44 (02476) 578987 | *Email: *cal.leeming () simplicitymedialtd co uk *IM: *AIM / ICQ / MSN / Skype (available upon request) Simplicity Media Ltd. All rights reserved. Registered company number 7143564 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Linux kernel exploit, (continued)
- Re: Linux kernel exploit Cal Leeming [Simplicity Media Ltd] (Dec 13)
- Re: Linux kernel exploit Benji (Dec 13)
- Re: Linux kernel exploit Cal Leeming [Simplicity Media Ltd] (Dec 13)
- Re: Linux kernel exploit Benji (Dec 13)
- Re: Linux kernel exploit Cal Leeming [Simplicity Media Ltd] (Dec 13)
- Re: Linux kernel exploit Eyeballing Weev (Dec 13)
- Re: Linux kernel exploit Cal Leeming [Simplicity Media Ltd] (Dec 13)
- Re: Linux kernel exploit Benji (Dec 13)
- Re: Linux kernel exploit Ariel Biener (Dec 14)