Another kernel NULL pointer vulnerability

Posted Aug 14, 2009 4:33 UTC (Fri) by spender (guest, #23067)
Parent article: Another kernel NULL pointer vulnerability

Exploit code has been at:
http://grsecurity.net/~spender/wunderbar_emporium.tgz

It works on any vulnerable kernel (I've tested extensively here on at least 15 VMs, x86, x64, 2.4, 2.6, with creds, without creds, 4k stacks, 8k stacks).

-Brad

Another kernel NULL pointer vulnerability

Posted Aug 15, 2009 16:30 UTC (Sat) by forcer (guest, #60276) [Link] (1 responses)

are you sure this is the right exploit? did you even look at it? this does
seems as a older pulseaudio bug, which is already patched as far as I know.

Another kernel NULL pointer vulnerability

Posted Aug 15, 2009 17:34 UTC (Sat) by spender (guest, #23067) [Link]

It's supposed to work on any kernel, so it uses every public technique to mmap at 0, despite whatever protections are in place. That's why the pulseaudio stuff is present in it.

-Brad