Full Disclosure mailing list archives
Re: PaX privilege elevation security bug
From: Christophe Devine <devine () iie cnam fr>
Date: Sun, 13 Mar 2005 10:01:25 +0100
pageexec () freemail hu wrote:
it is definitely exploitable for local users, remote exploitability depends on how much control one can have over executable file mappings in the target
Indeed, this flaw can be exploited locally via the page table cache using the same technique from Paul Starzetz's mremap #2 exploit - there are probably other attack vectors though.
Attachment: paxomatic.c