Bugtraq mailing list archives
Re: [Full-disclosure] Linux kernel exploit
From: Stefan Roas <sroas () roath org>
Date: Fri, 10 Dec 2010 10:08:25 +0100
On Wed Dec 08, 2010 at 11:58:58, John Jacobs wrote:
> > I've included here a proof-of-concept local privilege escalation exploit for Linux. Please read the header for an explanation of what's going on. Without further ado, I present full-nelson.c:
>
> Hello Dan, is this exploitation not mitigated by best practice defense-in-depth strategies such as preventing the CAP_SYS_MODULE capability or '/sbin/sysctl -w kernel.modules_disabled=1' respectively? It seems it'd certainly stop the Econet/Acorn issue. Curious to hear your input as I fear too many rely solely on errata updates and not a good defense-in-depth approach.
Only for this proof-of-concept exploit. The real culprit is CVE-2010-4258. Commit 33dd94ae1ccbfb7bf0fb6c692bc3d1c4269e6177 in Linus' kernel tree fixes the issue by doing set_fs(USER_DS) early in do_exit(). I guess this will be pushed to the stable series as well.
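A shell check for the two defense-in-depth controls John Jacobs asks about (kernel.modules_disabled and CAP_SYS_MODULE in the capability bounding set), as an added example that is not part of this thread. As Stefan points out, these controls only block the proof-of-concept's path; CVE-2010-4258 itself needs the kernel fix. Function names and the sample status texts are constructed for the example.

```shell
#!/bin/sh
# Added example (not code from the thread). Checks the two controls John
# Jacobs asks about: kernel.modules_disabled and the CAP_SYS_MODULE bit in
# a process's capability bounding set. CAP_SYS_MODULE is capability 16 in
# linux/capability.h; function names are hypothetical.

# Succeed (return 0) when bit $2 is set in the hex mask $1, in the format
# of the CapBnd line of /proc/<pid>/status (16 hex digits, MSB first).
cap_in_mask() {
    mask=$1; bit=$2
    [ "${#mask}" -gt $(( bit / 4 )) ] || return 1
    # Hex digit holding the bit: 4 bits per digit, counted from the right
    # (cut positions are 1-based, so the last digit is position ${#mask}).
    pos=$(( ${#mask} - bit / 4 ))
    digit=$(printf '%s' "$mask" | cut -c "$pos")
    [ $(( (0x$digit >> (bit % 4)) & 1 )) -eq 1 ]
}

# $1: text of /proc/<pid>/status, $2: value of /proc/sys/kernel/modules_disabled.
# Returns 0 (and prints why) when module loading is blocked for that process,
# 1 when it is not, 2 when the status text has no CapBnd line.
module_loading_blocked() {
    status_text=$1; modules_disabled=$2
    if [ "$modules_disabled" = "1" ]; then
        echo "blocked: kernel.modules_disabled=1 (system-wide, until reboot)"
        return 0
    fi
    bnd=$(printf '%s\n' "$status_text" | awk '/^CapBnd:/ { print $2 }')
    [ -n "$bnd" ] || { echo "unknown: no CapBnd line in status text"; return 2; }
    if ! cap_in_mask "$bnd" 16; then
        echo "blocked: CAP_SYS_MODULE not in bounding set $bnd"
        return 0
    fi
    echo "not blocked: modules_disabled=$modules_disabled, CAP_SYS_MODULE in $bnd"
    return 1
}

# Constructed sample status texts: a full bounding set, and one with bit 16 cleared.
SAMPLE_STATUS_FULL='Name:	sh
CapBnd:	0000003fffffffff'
SAMPLE_STATUS_NOMOD='Name:	sh
CapBnd:	0000003ffffeffff'

module_loading_blocked "$SAMPLE_STATUS_FULL" 0 || :
module_loading_blocked "$SAMPLE_STATUS_NOMOD" 0 || :

# Live check of the calling shell on this host, when /proc is available.
if [ -r /proc/sys/kernel/modules_disabled ] && [ -r /proc/self/status ]; then
    module_loading_blocked "$(cat /proc/self/status)" "$(cat /proc/sys/kernel/modules_disabled)" || :
fi
```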