On Mon, Feb 6, 2012 at 11:56 AM, Roman Medina-Heigl Hernandez <[email protected]> wrote: > Folks at @vupen seems to have it exploited the hard way. > > "We successfully exploited the recent Sudo local root / format string vuln > including full bypass of FORTIFY_SOURCE #GotRoot"
Yep, looks like. I hope it will not be like with the Chrome Sandbox bypass that was achieved through a flash 0day :-) Maybe this time they exploited sudo through CUPS 1.1 ahah antisnatchor > > Src: > https://twitter.com/#!/VUPEN/status/165454997444767745 > > Cheers, > -Román > > joernchen of Phenoelit escribió: >> Hi, >> >> >> On 01/31/2012 05:14 PM, Todd C. Miller wrote: >>> joernchen is correct, it is probably still possible to exploit with >>> -D_FORTIFY_SOURCE=2, though it is more difficult. On systems with >>> ASLR and a non-executable stack it should be even harder. >> >> nasty thing is: it's a local exploit so you got nearly unlimited tries >> for free =). It will just be noisy in dmesg due to all the segfaults >> while brute forcing the right values. >> >> >> cheers, >> >> joernchen > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- /antisnatchor _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
