
A story of three kernel vulnerabilities

Posted Feb 19, 2013 21:30 UTC (Tue) by hibiscus (guest, #86633)
In reply to: A story of three kernel vulnerabilities by drag
Parent article: A story of three kernel vulnerabilities

Bruteforcing could be baked into a real exploit, but if you're not smart about it, it could still take days.



A story of three kernel vulnerabilities

Posted Feb 20, 2013 4:09 UTC (Wed) by rahvin (guest, #16953)

The point is that even a bad exploit that takes days could be scripted to run automatically while the cracker does other things. Unless you've got some rate limiting on such things, a script can be written to automate even a 0.000001% success rate into a 100% success rate given time.

A story of three kernel vulnerabilities

Posted Feb 21, 2013 15:03 UTC (Thu) by alankila (guest, #47141)

To inject some numbers into this claim, and unless I am badly mistaken, the failure chance is 99.999999%. Raising that number to the power of approximately 70 million yields around 50% success probability. It is fundamentally a matter of chance, so 100% success can never be achieved, though something very close to it can be achieved, of course.

In any case, these sorts of probabilities require a means to fire the attack several times per second, or it will probably take years of continuous attempts before succeeding. Unfortunately, ptrace sounds like the sort of thing you can try thousands of times per second.

A story of three kernel vulnerabilities

Posted Feb 21, 2013 16:20 UTC (Thu) by drag (guest, #31333)

I am guessing that those numbers are the worst-case scenario from the viewpoint of the attacker. I would expect that there are a significant number of things that can be done to improve the odds.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds