
Wednesday, September 16, 2009

perf_counter_open() local buffer overflow vuln

Linux kernel 2.6.31-rc1 through 2.6.31 is vulnerable.

Edited: check out the excellent article written by our own HQI.

Sloppy boundary checks on user-supplied data let a local attacker execute arbitrary code. The SecurityFocus advisory says this is not confirmed, but a YouTube video shows spender running an exploit named "powerglove" and being dropped into a root shell. It is in his Enlightenment framework, all knitted up nice with these:

[0] Cheddar Bay: Linux 2.6.30/2.6.30.1 /dev/net/tun local root
[1] Powerglove: Linux 2.6.31 perf_counter local root
[2] The Rebel: Linux < 2.6.19 udp_sendmsg() local root
[3] Wunderbar Emporium: Linux 2.X sendpage() local root

spender after he wrote the 1st sock_sendpage sploit.
