
A story of three kernel vulnerabilities

A story of three kernel vulnerabilities

Posted Feb 19, 2013 20:28 UTC (Tue) by hibiscus (guest, #86633)
Parent article: A story of three kernel vulnerabilities

Just for the record, the attached "PoC" code really was "PoC". It's very far from a "handy working exploit".

The race is hard to win in this case. And as you can see, the PoC requires a kernel patch to work reliably.


A story of three kernel vulnerabilities

Posted Feb 19, 2013 21:00 UTC (Tue) by drag (guest, #31333) [Link] (4 responses)

'work reliably' is a relative term.

How many times can a script kiddie try the exploit in a minute? In an hour? In a day? I don't know the details on this exploit, but I expect the answers to any of those questions should range from the thousands to the tens of thousands of attempts.

How many times does it have to work? The answer, of course, is 'once'. So if the exploit is as little as 0.0001% reliable, I bet it can lead to a rooted computer 100% of the time given the right circumstances.

A story of three kernel vulnerabilities

Posted Feb 19, 2013 21:30 UTC (Tue) by hibiscus (guest, #86633) [Link] (3 responses)

Brute-forcing could be baked into a real exploit, but if you're not smart about it, it could still take days.

A story of three kernel vulnerabilities

Posted Feb 20, 2013 4:09 UTC (Wed) by rahvin (guest, #16953) [Link] (2 responses)

The point is that even a bad exploit that takes days could be scripted to run automatically while the cracker does other things. Unless you've got some rate limiting on such things, a script can be written to automate even a 0.000001% success rate into a 100% success rate given time.

A story of three kernel vulnerabilities

Posted Feb 21, 2013 15:03 UTC (Thu) by alankila (guest, #47141) [Link] (1 response)

To inject some numbers into this claim, and unless I am badly mistaken, the failure chance is 99.999999%. Raising that number to the power of approximately 70 million yields around 50% success probability. It is fundamentally a matter of chance, so 100% success can never be achieved, though something very close to it can be achieved, of course.

In any case, this sort of probability requires means to fire the attack several times per second, or it will probably take years of continuous attempting before succeeding. Unfortunately ptrace sounds like the sort of thing you can try thousands of times per second.

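The arithmetic the three comments above (drag's "once is enough", rahvin's 0.000001% per try, alankila's 70 million tries for 50%) are arguing over, worked through as a small added example. This code is written for this page and is not from the LWN article or its PoC; it assumes independent attempts with a constant per-try success probability p and a constant attempt rate, which is the idealised model the comments are using, not a property of the actual race.

```python
"""Added example: how a tiny per-try success probability turns into a
near-certain success given enough tries.

Assumptions (not from the page): every attempt is independent, each has
the same success probability p, and attempts are fired at a fixed rate.
"""
import math


def _check_prob(x: float, name: str) -> None:
    if not 0.0 < x < 1.0:
        raise ValueError(f"{name} must be strictly between 0 and 1, got {x}")


def success_after(p: float, n: int) -> float:
    """Probability that at least one of n independent tries succeeds:
    1 - (1 - p)**n.  Computed via log1p/expm1 so that p = 1e-8 does not
    lose precision the way (1 - p) ** n would in double arithmetic."""
    _check_prob(p, "p")
    if n < 0:
        raise ValueError("n must be non-negative")
    return -math.expm1(n * math.log1p(-p))


def attempts_for(p: float, target: float) -> int:
    """Smallest n such that success_after(p, n) >= target."""
    _check_prob(p, "p")
    _check_prob(target, "target")
    return math.ceil(math.log1p(-target) / math.log1p(-p))


def seconds_for(p: float, target: float, rate_per_second: float) -> float:
    """Wall-clock time to reach the target success probability when the
    attack can be fired rate_per_second times per second."""
    if rate_per_second <= 0:
        raise ValueError("rate must be positive")
    return attempts_for(p, target) / rate_per_second


if __name__ == "__main__":
    # rahvin's figure: 0.000001% per try, i.e. p = 1e-8 (failure 99.999999%)
    p = 1e-8
    for target in (0.5, 0.99):
        n = attempts_for(p, target)
        print(f"{target:.0%} success needs {n:,} tries")
        # alankila's point: the attempt rate decides whether that is
        # hours or years of continuous hammering
        for rate in (1, 1000, 10000):
            secs = seconds_for(p, target, rate)
            print(f"  at {rate:>6} tries/s: {secs / 86400:9.2f} days")
```

Running it reproduces the "about 70 million tries for 50%" figure (69,314,718) and shows why the rate matters: at one try per second that is over two years, at a thousand per second it is under a day, and 99% confidence costs roughly 6.6 times as many tries as 50%.
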
A story of three kernel vulnerabilities

Posted Feb 21, 2013 16:20 UTC (Thu) by drag (guest, #31333) [Link]

I am guessing that those numbers are the worst case scenario when it comes to the viewpoint of the attacker. I would expect that there are a significant number of things that can be done to improve the odds.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds