I just look arround on milw0rm today and searching for linux kernel exploit, luckily i find four new linux kernel exploits.
- First exploit is to attack linux kernel locally using exit_notify() function vulnerability. This flaw affects linux kernel less than 2.6.29 (most of linux kernel). Just take a look here for the proof of concept.
- Second exploit is to attack linux kernel locally using UDEV vulnerability. Udev less than 1.4.1 is reported that it doesn’t verify wheter a NETLINK message originates from kernel space, which allows local users to gain root priviledge by sending a NETLINK message from user space. Let take a look here and here for the proof of concept.
- Third exploit is to attack linux kernel remotely using SCTP FWD memory corruption. Some people say this bug isn’t exploitable untill sgrakkyu gives his explanation. Sgrakkyu explanation can be read here, take a look here for the proof of concept. This flaw affects most of linux kernel.
- Fourth exploit is to attack linux kernel locally using ptrace_attach() function vulnerability. This flaw affects linux kernel version 2.6.29. Just take a look here and here for the proof of concept.
Now i just think, which is more secure by default “linux or windows??“, even openbsd which’s claimed as the most secured operating system has a stupid bugs inside its code.
IPSECS Admin is
Email this author | All posts by IPSECS Admin | Subscribe to Entries (RSS)