On 08/15/2009 11:12 AM, Arun SAG wrote:
> Hi,
>
> On Sat, Aug 15, 2009 at 11:04 AM, Bharathi Subramanian <[email protected]> wrote:
>
>>> The bug involves the way kernel-level routines such as sock_sendpage
>>> react when they are left unimplemented. Instead of linking to a
>>> corresponding placeholder, (for ex, sock_no_accept), the function
>>> pointer is left uninitialized. Sock_sendpage doesn't always validate
>>> the pointer before dereferencing it, leaving the OS open to local
>>> privilege escalation that can completely compromise the underlying
>>> machine.
>>
>
> Here is the exploit : http://www.milw0rm.com/exploits/9436 :)
Exploit is blocked successfully by SELinux (enforced and active by default since Fedora Core 3) in Fedora 11.

$ tar xvf proto_ops.tgz
exploit.c
run.c
run.sh
$ sh run.sh
padlina z lublina!
mprotect: Cannot allocate memory
$ sudo tailf /var/log/messages
Aug 15 13:43:29 localhost setroubleshoot: SELinux is preventing exploit (unconfined_t) "mmap_zero" to <Unknown> (unconfined_t)

----
Rahul

_______________________________________________
To unsubscribe, email [email protected] with
"unsubscribe <password> <address>" in the subject or body of the message.
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
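The quoted description of the bug class (an unimplemented operation left as a NULL function pointer instead of an explicit placeholder, and a caller that dereferences it unchecked) can be modelled in user space. The following is an added example written for this thread; it is not the kernel's code and not the linked exploit. The names sock_ops, sock_no_sendpage, stream_sendpage and sample_ops are hypothetical stand-ins for the kernel's proto_ops table and sock_no_* helpers, and the table contents are constructed sample data. It shows the unchecked dispatch beside a checked one, a registration-time audit that finds NULL entries, and the fix of installing the placeholder so that even an unchecked caller gets an error code instead of a jump to address 0, which is the condition the SELinux "mmap_zero" denial above is guarding against.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical operations table, modelled on the kernel's proto_ops. */
struct sock_ops {
    const char *name;
    ssize_t (*sendpage)(const char *buf, size_t len);
};

/* Explicit "not supported" placeholder, in the role of the kernel's sock_no_* helpers. */
static ssize_t sock_no_sendpage(const char *buf, size_t len)
{
    (void)buf;
    (void)len;
    return -EOPNOTSUPP;
}

/* A protocol that does implement sendpage: pretend to transmit everything. */
static ssize_t stream_sendpage(const char *buf, size_t len)
{
    (void)buf;
    return (ssize_t)len;
}

/* Constructed sample: one implemented entry, one with the placeholder,
 * and one whose author forgot the field (left NULL, the defect described). */
struct sock_ops sample_ops[] = {
    { "stream",    stream_sendpage },
    { "dgram",     sock_no_sendpage },
    { "forgotten", NULL },
};
#define SAMPLE_OPS_COUNT (sizeof sample_ops / sizeof sample_ops[0])

/* Caller that trusts the table blindly: on a NULL entry this jumps to
 * address 0, which is why mapping the zero page matters in the thread. */
ssize_t dispatch_unchecked(const struct sock_ops *o, const char *buf, size_t len)
{
    return o->sendpage(buf, len);
}

/* Hardened caller: validate the pointer before dereferencing it. */
ssize_t dispatch_checked(const struct sock_ops *o, const char *buf, size_t len)
{
    if (o == NULL || o->sendpage == NULL)
        return -EINVAL;
    return o->sendpage(buf, len);
}

/* Registration-time audit: count (and report) entries left NULL. */
size_t audit_ops(const struct sock_ops *table, size_t n)
{
    size_t missing = 0;
    for (size_t i = 0; i < n; i++) {
        if (table[i].sendpage == NULL) {
            fprintf(stderr, "ops '%s': sendpage not set\n", table[i].name);
            missing++;
        }
    }
    return missing;
}

/* Registration-time fix: install the placeholder wherever a field is NULL,
 * so even an unchecked caller gets -EOPNOTSUPP instead of a jump to 0. */
size_t install_placeholders(struct sock_ops *table, size_t n)
{
    size_t fixed = 0;
    for (size_t i = 0; i < n; i++) {
        if (table[i].sendpage == NULL) {
            table[i].sendpage = sock_no_sendpage;
            fixed++;
        }
    }
    return fixed;
}

int main(void)
{
    const char page[] = "payload bytes";  /* constructed sample buffer */
    printf("missing before fixup: %zu\n", audit_ops(sample_ops, SAMPLE_OPS_COUNT));
    for (size_t i = 0; i < SAMPLE_OPS_COUNT; i++)
        printf("%s: checked dispatch -> %ld\n", sample_ops[i].name,
               (long)dispatch_checked(&sample_ops[i], page, sizeof page - 1));
    install_placeholders(sample_ops, SAMPLE_OPS_COUNT);
    printf("missing after fixup: %zu\n", audit_ops(sample_ops, SAMPLE_OPS_COUNT));
    /* After the fixup every entry is safe even through the unchecked path. */
    printf("forgotten via unchecked path -> %ld\n",
           (long)dispatch_unchecked(&sample_ops[2], page, sizeof page - 1));
    return 0;
}
```

The two defences are independent: the checked dispatch protects one call site, while installing placeholders at registration protects every call site that reads the table, including ones that were never audited. Doing both is the conservative choice for a table that many callers consult.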
