Folks at @vupen seem to have exploited it the hard way.

"We successfully exploited the recent Sudo local root / format string vuln including full bypass of FORTIFY_SOURCE #GotRoot"

Src: https://twitter.com/#!/VUPEN/status/165454997444767745

Cheers,
-Román

joernchen of Phenoelit wrote:
> Hi,
>
> On 01/31/2012 05:14 PM, Todd C. Miller wrote:
>> joernchen is correct, it is probably still possible to exploit with
>> -D_FORTIFY_SOURCE=2, though it is more difficult. On systems with
>> ASLR and a non-executable stack it should be even harder.
>
> nasty thing is: it's a local exploit so you got nearly unlimited tries
> for free =). It will just be noisy in dmesg due to all the segfaults
> while brute forcing the right values.
>
> cheers,
>
> joernchen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
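
The dmesg noise mentioned in the quoted reply is something a defender can alert on. The following is an added example, not part of the thread: it clusters kernel segfault lines for one process name into bursts. It assumes the Linux x86 `segfault at ... ip ... sp ... error` line format with dmesg timestamps; the function name, thresholds and sample lines are constructed for illustration.

```python
import re

# Linux x86 kernel segfault line, with the "[ seconds.micros]" dmesg prefix.
SEGV = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<comm>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"segfault at (?P<addr>[0-9a-f]+) ip "
)

def find_crash_bursts(lines, comm="sudo", threshold=5, max_gap=10.0):
    """Group segfaults of `comm` whose consecutive gaps are <= max_gap seconds
    and return a summary for every group with at least `threshold` crashes."""
    events = []
    for line in lines:
        m = SEGV.match(line)
        if m and m["comm"] == comm:
            events.append((float(m["ts"]), int(m["pid"]), m["addr"]))
    events.sort()

    def summarize(cluster):
        return {
            "start": cluster[0][0],
            "end": cluster[-1][0],
            "crashes": len(cluster),
            "distinct_pids": len({pid for _, pid, _ in cluster}),
            # Heuristic: one repeated fault address looks like a plain bug,
            # many different ones from many PIDs looks like value guessing.
            "distinct_addrs": len({addr for _, _, addr in cluster}),
        }

    bursts, cluster = [], []
    for ev in events:
        if cluster and ev[0] - cluster[-1][0] > max_gap:
            if len(cluster) >= threshold:
                bursts.append(summarize(cluster))
            cluster = []
        cluster.append(ev)
    if len(cluster) >= threshold:
        bursts.append(summarize(cluster))
    return bursts

# Constructed sample: six rapid sudo crashes, one unrelated crash, one lone sudo crash.
SAMPLE = [
    f"[ {1200 + i * 0.5:.6f}] sudo[{4100 + i}]: segfault at {0xbf000000 + i * 0x1000:x} "
    "ip 00007f3a1c0d4f2b sp 00007fff2a1b3c40 error 4 in libc-2.13.so[7f3a1c08a000+17a000]"
    for i in range(6)
] + [
    "[ 1201.200000] firefox[3001]: segfault at 0 ip 00000000004005d4 sp 00007ffd0a0b0c00 error 4 in firefox[400000+1000]",
    "[ 9000.000000] sudo[5000]: segfault at 0 ip 00007f3a1c0d4f2b sp 00007fff2a1b3c40 error 4 in libc-2.13.so[7f3a1c08a000+17a000]",
]

if __name__ == "__main__":
    for burst in find_crash_bursts(SAMPLE):
        print(burst)
```

On a live host the input would come from `dmesg` or the kernel log file, and the threshold needs tuning against the normal crash rate of that system.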
