Stable kernel 2.6.25.10 [LWN.net]

Stable kernel 2.6.25.10

Posted Jul 7, 2008 2:35 UTC (Mon) by spender (subscriber, #23067)
In reply to: Stable kernel 2.6.25.10 by nix
Parent article: Stable kernel 2.6.25.10

I wrote a working PoC for the vulnerability today.  It only takes 20 minutes for me (inside a
3.3ghz single-processor VM).

-Brad

(Log in to post comments)

Stable kernel 2.6.25.10

Posted Jul 7, 2008 6:48 UTC (Mon) by nix (subscriber, #2304) [Link]

... and if it took you twenty minutes, your average script kiddie would 
take weeks, if ever. (Of course, buying a copy from a blackhat with 
similar skills would probably be faster.)

Stable kernel 2.6.25.10

Posted Jul 7, 2008 7:49 UTC (Mon) by PaXTeam (subscriber, #24616) [Link]

the 20 mins was the runtime of the exploit, not its development time.

Stable kernel 2.6.25.10

Posted Jul 7, 2008 19:43 UTC (Mon) by nix (subscriber, #2304) [Link]

I thought 20 minutes seemed awfully fast to write an exploit from scratch, 
but I'm not very good at that sort of thing so I thought maybe skilled 
people are faster.

(Still, if a random blackhat tries to eat that amount of CPU time on any 
of my security-important systems all sorts of alarms would go off. But 
maybe that's more paranoia than most people show, and I suppose if the 
attacker knew about those monitoring systems he could distribute the 
computational work among numerous processes and a long stretch of time. 
Still, again, if an attacker knows that much, I'm dead anyway. Maybe this 
is significant to unmonitored systems with untrusted local users, and I 
suppose it makes it easier to escalate to root once you've got in via some 
vulnerable network service, but if the attacker's managed that, again, 
you're dead anyway: and most attackers these days don't *care* about 
escalation to root: all they care about is being able to spam like crazy, 
and being able to spy on the user, and an attack via, say, a browser 
vulnerability will give them all of that.)