Re: Remote kernel bug in SCTP?

[Jeremy Brown <0xjbrown41 () gmail com>]

I love the amount of research you put into this, challenges can be fun
and quite beneficial as we all know. Although the world just tilted
slightly, great work =)

On Mon, Apr 27, 2009 at 9:49 PM, sgrakkyu <sgrakkyu () openssl it> wrote:
> dave wrote:
> > Did everyone else already know about this bug? So you connect to an SCTP
> > endpoint, then send a packet to overwrite arbitrary kernel data? That'd
> > be cool.
> >
> > This is where Phillipe tells us about his scanner from 2002. :>
> >
> > -dave
>
> Hi everybody, I saw some stream of mails wondering about this SCTP
> issue: some sayin' it's a D.o.S., some other thinking about a local
> exploit.
> It started as a challenge and it ended up as a lot of fun and a reliable
> one-shot remote exploit for Linux SLUB/SLABs
>
> Here you go the link: http://sgrakkyu.antifork.org/sctp_houdini.c
> (it covers x86-64 kernels only)
>
> and here you go a small blog post I made for it:
> http://kernelbof.blogspot.com
> More details might be added, if someone is interested.
> Hope you'll have at least half of the fun I had in developing it:)
>
> Cheers,
>
>  -sgrakkyu
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave