Dailydave: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Dailydave mailing list archives

Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable

From: spender () grsecurity net (Brad Spengler)
Date: Thu, 16 Jul 2009 20:57:36 -0400

Title says it all, exploit is at:
http://grsecurity.net/~spender/cheddar_bay.tgz

Everything is described and explained in the exploit.c file.
I exploit a bug that by looking at the source is unexploitable;
I defeat the null ptr dereference protection in the kernel on 
both systems with SELinux and those without.
I proceed to disable SELinux/AppArmor/LSM/auditing

Exploit works on both 32bit and 64bit kernels.

Links to videos of the exploit in action are present in the exploit 
code.

Greets to vendor-sec, 
-Brad

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

By Date By Thread

Current thread:

Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Brad Spengler (Jul 17)
- As-if Infinitely Ranged Integer Model Robert Seacord (Jul 22)