oss-sec mailing list archives
Re: CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc
From: Marcus Meissner <meissner () suse de>
Date: Fri, 14 Aug 2009 13:38:36 +0200
On Fri, Aug 14, 2009 at 09:12:52AM +0800, Eugene Teo wrote:
Marcus Meissner wrote:Apparently new root exploit from Brad, see his twitter: http://twitter.com/spendergrsec The video is a bit sick in my opinion. Disclosed apparently next week.So, the cat is out of the bag. The exploit is available, but so is the patch. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2692 http://git.kernel.org/linus/e694958388c50148389b0e9b9e9e8945cf0f1b98
Just for the record, the other members of the affected struct were audited for NULL checks and found clean. Ciao, Marcus
Current thread:
- new root exploit from Brad Marcus Meissner (Aug 13)
- CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc Eugene Teo (Aug 13)
- Re: CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc Marcus Meissner (Aug 14)
- CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc Eugene Teo (Aug 13)