Full Disclosure mailing list archives
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
From: yersinia <yersinia.spiros () gmail com>
Date: Fri, 17 Jul 2009 09:34:54 +0200
On Fri, Jul 17, 2009 at 4:26 AM, Brad Spengler<spender () grsecurity net> wrote:
> Title says it all, exploit is at:
> http://grsecurity.net/~spender/cheddar_bay.tgz
>
> Everything is described and explained in the exploit.c file.
> I exploit a bug that by looking at the source is unexploitable;
> I defeat the null ptr dereference protection in the kernel on both
> systems with SELinux and those without.
> I proceed to disable SELinux/AppArmor/LSM/auditing.
>
> Exploit works on both 32bit and 64bit kernels.
>
> Links to videos of the exploit in action are present in the exploit code.
Awesome, very informative as usual. I have forwarded it to dailydave - so as to permit sgrubb to pick it up - and to oss security also.

BTW, it would be nice, and perhaps useful for the casual reader, to update your comments on
http://magazine.redhat.com/2007/05/04/whats-new-in-selinux-for-red-hat-enterprise-linux-5/
with this.

Best regards

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/