Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c

[Sebastian Krahmer <krahmer () suse de>]

On Sun, Jun 30, 2013 at 04:34:16PM -0700, Steven Ciaburri wrote:
> Kurt,
>
> I just loaded a a virtual machine at Rackspace Cloud running RHEL. It is a Xen based VM.
>
> [steven@rhel ~]$ ./a.out
> [+] giving ourselves some poison...
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
>
> at which point the server kernel paniced. 
>
> The server is running 2.6.32-358.11.1.el6.x86_64
> I did discover that it appears with SELINUX enabled the POC can go through a considerable amount of tries before it 
> crashes.

Cool, so SELinux is actually doing its job. :)

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team