Re: Linux NULL pointer dereference

[arpunk <arpunk () cyberdelic org>]

On Wed, Aug 19, 2009 at 7:42 AM, Camilo Uribe<camilo.uribe () gmail com> wrote:
> On Mon, Aug 17, 2009 at 2:06 PM, Ben Greenfield<bcg () struxural com> wrote:
> > > Now, back to some real pen-test stuff.... Anyone had a chance to leverage
> > > the recent Linux NULL pointer dereference bug in proto_ops in an engagement?
> >
> > I have not yet had the chance to use this in an engagement, but I feel
> > like this is one that's going to be around for a _long time_ because
> > of how many different versions are affected.
> >
> > Also, I've done some testing with this vulnerability, and haven't been
> > able to get it working against Ubuntu Jaunty 9.04 on an AMD64.  My
> > understanding is that all architectures are vulnerable... has anyone
> > had any success against AMD64 with this?
> >
> > On all the x86 platforms I've tested it against (Ubuntu 8.04 LTS x86,
> > Debian 5 x86, Xen virtualized 2.6 linux x86) it worked as expected and
> > resulted in local privilege escalation to root.
>
> The USN(Ubuntu Security Notice) http://www.ubuntu.com/usn/usn-819-1
> says: "By default, Ubuntu 8.04 and later with a non-zero
> /proc/sys/vm/mmap_min_addr setting were not vulnerable"

Funny... we just owned one in Casa del Bosque today ;)

-- 
No matter where you go, everyone's connected.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------