Full Disclosure mailing list archives
Re: OpenBSD kernel relinking is not transactional and a local exploit exists
From: pesco () khjk org
Date: Mon, 19 Jun 2023 16:59:00 +0200
C. W. Schech on Sat, Jun 17 2023:
/usr/share/relink, so arbitrary objects can be injected ...
By who? Which user ID specifically?
Install media are also open to tampering and exploitation as signed checksum data are not carried with the install sets inside the installation image
And clearly such checksums could not be tampered with?
this is a critical vulnerability and likely deliberate back door
PoC or GTFO. rolling on the floor laughing _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- OpenBSD kernel relinking is not transactional and a local exploit exists Schech, C. W. ("Connor") (Jun 19)
- Re: OpenBSD kernel relinking is not transactional and a local exploit exists jvoisin via Fulldisclosure (Jun 21)
- Re: OpenBSD kernel relinking is not transactional and a local exploit exists pesco (Jun 21)