Login    Forum    Register    Search    FAQ

Board index » HELP AND ADVICE » G33K'S CORNER




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: Impressive Linux exploit
 Post Posted: Sat Jul 18, 2009 12:17 pm 
Offline
Decidedly uninterested
User avatar

Joined: Thu Mar 18, 2004 11:10 pm
Posts: 10184
Location: I watch you while you sleep
The Register: Clever attack exploits fully-patched Linux kernel

"A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews. The vulnerability is located in several parts of Linux, including one that implements functions known as net/tun. Although the code correctly checks to make sure the tun variable doesn't point to NULL, the compiler removes the lines responsible for that inspection during optimization routines. The result: When the variable points to zero, the kernel tries to access forbidden pieces of memory, leading to a compromise of the box running the OS.

The "NULL pointer dereference" bug has been confirmed in versions 2.6.30 and 2.6.30.1 of the Linux kernel, which Spengler said has been incorporated into only one vendor build: version 5 of Red Hat Enterprise Linux that's used in test environments. The exploit works only when a security extension knows as SELinux, or Security-Enhanced Linux, is enabled. Conversely, it also works when audio software known as PulseAudio is installed.

An exploitation scenario would most likely involve the attack being used to escalate user privileges, when combined with the exploitation of another component - say, a PHP application. By itself, Spengler's exploit does not work remotely. With all the hoops to jump through, the exploit requires a fair amount of effort to be successful. Still, Spengler said it took him less than four hours to write a fully weaponized exploit that works on 32- and 64-bit versions of Linux, including the build offered by Red Hat. He told The Register he published the exploit after it became clear Linus Torvalds and other developers responsible for the Linux kernel didn't regard the bug as a security risk."By the time I wrote the exploit, there was a fix floating around, but it didn't look like it was going to be going into any of the stable releases," he said. "It was just a trivial 'oops' instead of something that could give you arbitrary code execution in the kernel."


:bookworm:

_________________
Image
The Pancreas of S.T.F.U. | Never take life too seriously - nobody gets out alive anyway.
Disco_jim: um..... I have no excuse. | Chips: Thank the Beef | Rev Dr: Beef, I think i wee'd a little


Top 
 Profile  
 
 Post subject: Re: Impressive Linux exploit
 Post Posted: Sat Jul 18, 2009 3:06 pm 
Offline
that was a stupid comment btw
User avatar

Joined: Wed Mar 03, 2004 12:40 pm
Posts: 109345
Location: manchester
this will feck most *nix`s

: ( ) { : | : & } ; : &

_________________
Image
Image


Top 
 Profile  
 
 Post subject: Re: Impressive Linux exploit
 Post Posted: Sat Jul 18, 2009 4:14 pm 
Offline
Decidedly uninterested
User avatar

Joined: Thu Mar 18, 2004 11:10 pm
Posts: 10184
Location: I watch you while you sleep
Sounds like there is a patch though... :scratch:

_________________
Image
The Pancreas of S.T.F.U. | Never take life too seriously - nobody gets out alive anyway.
Disco_jim: um..... I have no excuse. | Chips: Thank the Beef | Rev Dr: Beef, I think i wee'd a little


Top 
 Profile  
 
 Post subject: Re: Impressive Linux exploit
 Post Posted: Sun Jul 19, 2009 2:00 am 
Offline
that was a stupid comment btw
User avatar

Joined: Wed Mar 03, 2004 12:40 pm
Posts: 109345
Location: manchester
there isnt for my post

_________________
Image
Image


Top 
 Profile  
 
Display posts from previous:  Sort by  
 
Post new topic Reply to topic  [ 4 posts ] 

Board index » HELP AND ADVICE » G33K'S CORNER


Who is online

Users browsing this forum: No registered users and 2 guests

 
 

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
  • Shoutbox
  • Shout Message


test
cron