[Full-disclosure] Registration Weakness in Linux Kernel's Binary formats
SHELLCODE Security Research
GoodFellas at shellcode.com.ar
Tue Oct 3 19:32:08 BST 2006
Hello,
The present document aims to demonstrate a design weakness found in the
handling of simply
linked lists used to register binary formats handled by
Linux kernel, and affects all the kernel
families (2.0/2.2/2.4/2.6), allowing the insertion of infection modules
in kernel space that can be
used by malicious users to create infection tools, for example rootkits.
POC, details and proposed solution at:
English version: http://www.shellcode.com.ar/docz/binfmt-en.pdf
Spanish version: http://www.shellcode.com.ar/docz/binfmt-es.pdf
regards,
--
SHELLCODE Security Research TEAM
GoodFellas at shellcode.com.ar
http://www.shellcode.com.ar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20061003/c6f1e1d3/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.