Re: Linux kernel exploit

[mezgani ali <handrix () gmail com>]

it's worked on 2.6.35.7, nice exploit

On Wed, Dec 8, 2010 at 6:09 AM, Rem7ter <rem7ter () gmail com> wrote:

> Why gcc exp.c -o exp alert "Error: too many Argument"?  I test it in Linux
> 2.6.X.
>
> 2010/12/7 coderman <coderman () gmail com>
>
> On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg
> > <dan.j.rosenberg () gmail com> wrote:
> > > ... I've included here a proof-of-concept local privilege escalation
> > exploit...
> > >  * This exploit leverages three vulnerabilities to get root, all of
> > which were
> > >  * discovered by Nelson Elhage:
> > > ...
> > >  * However, the important issue, CVE-2010-4258, affects everyone, and it
> > would
> > >  * be trivial to find an unpatched DoS under KERNEL_DS and write a
> > slightly
> > >  * more sophisticated version of this...
> >
> > nice :)
> >
> > clearly demonstrates why risk is complicated and seemingly minor
> > defects (worth delaying patches for weeks/months? ;) can combine into
> > truly ugly vulnerabilities...
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



-- 
Ali MEZGANI
Network Engineering/Security
http://securfox.wordpress.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/