
Linux Kernels vulnerability since 2001 (and still working)

Posted by deepquest on August 16, 2009 – 2:05 pm
Nice work Linus on trying to silently fix an 8 year old vulnerability, leaving vendors without patched
kernels for their users.

Vulnerability in Linux kernels since 2001.

Exploits the vulnerability in all Linux kernels since 2001. Exploit works on all kernels since 2001.
Disables SELinux, AppArmor, LSM -- you know the drill.
This exploit is a bit more interactive, involving a simulated Russian roulette
(hence the video) where there would be a 1 in 6 chance that, instead of the box being
compromised, it would hot reboot into FreeDOS.
The exploit works on 2.4, 2.6, x86, x64, 4k stacks, 8k stacks, with/without cred framework,
bypasses mmap_min_addr in any public way possible (auto-detecting which method to use).
As always, while in ring0 it provides the added convenience of disabling auditing,
SELinux, AppArmor, and all other LSM modules. If SELinux is enforcing, it will also rewrite
the SELinux code to fool userland into thinking it remains in enforcing mode.
-- from Spender
This post is filed under “Security” and has no responses so far.