On Mon, 2008-02-11 at 08:11 -0500, Ben Scott wrote:
On Feb 10, 2008 9:36 PM, Dan Miller [EMAIL PROTECTED] wrote:
I wonder if 64 bit is immune.
I don't understand the details of the code, but I see some
hard-coded values and a lot of assembler. Many exploits depend on
things like buffer
On Feb 10, 2008 9:36 PM, Dan Miller [EMAIL PROTECTED] wrote:
I wonder if 64 bit is immune.
I don't understand the details of the code, but I see some
hard-coded values and a lot of assembler. Many exploits depend on
things like buffer sizes and offsets, so switching to a different word
size
[ I just compiled and tried it. Sure enough, the program below,
run from user mode, gets a root shell. Yike.]
[ There doesn't seem to be any activity on the list since early
Saturday; I imagine that someone else has written about this already.
-Bill]
[ From
I just tried this on Ubuntu-Server (7.04) and it didn't work. Running
2.6.20-16-server
On Feb 10, 2008 7:48 PM, Bill Sconce [EMAIL PROTECTED] wrote:
[ I just compiled and tried it. Sure enough, the program below,
run from user mode, gets a root shell. Yike.]
[ There doesn't seem to be any
On Feb 10, 2008 7:48 PM, Bill Sconce [EMAIL PROTECTED] wrote:
[ I just compiled and tried it. Sure enough, the program below,
run from user mode, gets a root shell. Yike.]
I just tried this on Ubuntu-Server (7.04) and it didn't work. Running
2.6.20-16-server
This worked with my 2.6.22
On Feb 10, 2008 7:48 PM, Bill Sconce [EMAIL PROTECTED] wrote:
[ I just compiled and tried it. Sure enough, the program below,
run from user mode, gets a root shell. Yike.]
Another day, another exploit. Local privilege escalation often
isn't even rated as highest threat these days. It's
This failed with 2.6.23 on x86_64. Get some nice output though:
---
Linux vmsplice Local Root Exploit
By qaaz
---
[+] mmap: 0x1000 .. 0x10001000
[+] page: 0x1000
[+] page: 0x1038
[+] mmap: 0x4000 ..