oss-sec mailing list archives
Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c
From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 1 Jul 2013 10:46:05 +0200
On Sun, Jun 30, 2013 at 04:34:16PM -0700, Steven Ciaburri wrote:
> Kurt, I just loaded a virtual machine at Rackspace Cloud running RHEL. It is a Xen based VM.
>
> [steven@rhel ~]$ ./a.out
> [+] giving ourselves some poison...
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
> [+] polluted kernelspace with more crap
>
> at which point the server kernel panicked.
>
> The server is running 2.6.32-358.11.1.el6.x86_64
>
> I did discover that it appears with SELINUX enabled the POC can go through a considerable amount of tries before it crashes.

Cool, so SELinux is actually doing its job. :)

Sebastian

--
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team