Dailydave mailing list archives
Re: [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
From: spender () grsecurity net (Brad Spengler)
Date: Mon, 20 Jul 2009 09:36:52 -0400
> I am not sure about the SELinux policy error he used to exploit the RHEL 5.? Beta.

It was a default RHEL 5.3 SELinux policy. The same vulnerability from the policy exists in Fedora 10 and 11. I haven't tested anything else, but I imagine lots more are vulnerable (and it doesn't matter what kernel you're running). There will be a CVE for this vulnerability as well.

(Really there should have been a CVE for the lack of -fno-delete-null-pointer-checks instead of pretending the only problem was /dev/net/tun. As the commit to add it showed (and at least 10 other commits to the kernel this weekend) lots of other code was affected, so someone not applying a fix for a CVE mentioning only /dev/net/tun because they don't have the code for /dev/net/tun compiled in, is going to be missing out on a number of fixes).

-Brad