[Full-disclosure] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable
Brad Spengler
spender at grsecurity.net
Fri Jul 17 03:26:45 BST 2009
Title says it all, exploit is at:
http://grsecurity.net/~spender/cheddar_bay.tgz
Everything is described and explained in the exploit.c file.
I exploit a bug that by looking at the source is unexploitable;
I defeat the null ptr dereference protection in the kernel on
both systems with SELinux and those without.
I proceed to disable SELinux/AppArmor/LSM/auditing
Exploit works on both 32bit and 64bit kernels.
Links to videos of the exploit in action are present in the exploit
code.
Greets to vendor-sec,
-Brad
----- End forwarded message -----
----- End forwarded message -----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090716/997be921/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.