-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello List,
Although for ssh-agent this is just a funny bug and no security
problem, other software might be vulnerable to privilege escalation.
And apart from escalation, the openssl code execution feature
is a nice and very reliable way to load
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello List,
Here are some issues recently discovered:
* Overlayfs over Fuse Privilege Escalation: On some systems, e.g.
Ubuntu Wily, it is possible to place a USERNS overlayfs mount over a
fuse (file system in userspace) mount. Inactive SUID
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello List,
Preamble:
As the issue described herein was fixed 20161206 in the Linux Kernel
already and publicly disclosed as a security vulnerability 20151224,
here is a short writeup and POC exploit to understand the issue and
perform testing.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello List,
This ([1]) is a short article on how to use the setgid directory
/var/cache/man to escalate privileges from man/man to man/root on Ubuntu
Vivid and to root/root via the "catman" cron job [2]. In my opinion this
is not a really big issue, but
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello List,
Here [1] is a short write-up of the Ubuntu Apport kernel_crashdump
symlink vulnerabilities fixed today including some POCs.
While symlink exploitation itself is not really exciting, the creation
of a suitable payload is more interesting:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello List,
I've improved the code and made most of the source-code parameters
also configurable via the command line.
I've also added the row-hammer assembly code itself.
The problem:
* The page fixation code is tested and seems to be 100%
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello List,
Although I have no row-hammer affected hardware, I tried to build a POC that
allows zero-risk exploitation of row-hammer affected DRAM setups, see [1].
The main idea of the POC is to
* reserve complete rows of physical pages (verified