[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Confirm? New local root exploits



On Sat, Jan 08, 2005 at 12:16:00AM +0100, Szabó Ákos wrote:
> Brad Spengler send a mail to the grsecurity list, and He wrote:
> 
> 3) 2.4/2.6 random poolsize sysctl handler integer overflow
> 4) 2.6 scsi ioctl integer overflow and information leak
> 5) 2.2/2.4/2.6 moxa serial driver bss overflow
> 6) 2.4/2.6 RLIMIT_MEMLOCK bypass and (2.6) unprivileged user DoS
> 7) Attachments, including patches for all vulns, a POC for #3, and a
>    working exploit for #6
> 
> He talk about 2.4.28, and 2.6.10. If You want, I can forward the whole
> message.
> 
> The -ac6 patch fixed those problems?

-ac7 (as of about 5 mins ago)

The real 3. Given Moxa doesnt even compile in 2.6 that didn't make sense. Also
moxa had a more serious hole he missed.

It seems to be security day. -ac8 will fix another hole or two (less serious)
probably tomorrow.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]