Re: Another linux kernel NULL pointer vulnerability ( exploit here )
[Posted August 17, 2009 by corbet]
| From: |
| Jon Masters <jonathan-AT-jonmasters.org> |
| To: |
| Development discussions related to Fedora <fedora-devel-list-AT-redhat.com> |
| Subject: |
| Re: Another linux kernel NULL pointer vulnerability ( exploit here ) |
| Date: |
| Mon, 17 Aug 2009 14:00:19 -0400 |
On Fri, 2009-08-14 at 21:23 +0200, Christoph Wickert wrote:
> Am Freitag, den 14.08.2009, 14:39 -0300 schrieb Itamar Reis Peixoto:
> > Hello guy's
> >
> > for the people who don't have updated the kernel.
>
> I'm running kernel-2.6.29.6-217.2.3.fc11.x86_64 and this one is not
> supposed to be fixed, however...
>
> > http://grsecurity.net/%7Espender/wunderbar_emporium.tgz
>
> ... it doesn't work here. Although the author claims it's not stopped by
> SELinux (he even mentions Dan by name), SELinux one more time saves the
> world:
FYI I saw a real life attempt to exploit this over the weekend on a
machine of mine where someone had found a PHP exploit. Fortunately, I
had already upgraded the kernel and their rootkit attempt failed,
however it's worth emphasizing that this is certainly out there.
I have more information on the rootkit they used for legitimate security
researchers who are interested in the issue.
Jon.
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
