|
Full Disclosure
mailing list archives
Re: Re: Linux kernel do_mremap() proof-of-concept exploit code
From: Pierre BETOUIN <info16 () ifrance com>
Date: Tue, 06 Jan 2004 23:57:05 +0100
That's true. The piece of vulnerable code is here :
#ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC
if (current->flags & PF_PAX_SEGMEXEC) {
if (new_len > SEGMEXEC_TASK_SIZE || new_addr
> SEGMEXEC_TASK_SIZE-new_len)
goto out;
} else
#endif
The PoC can be easily adapted.
Pierre
Le mar 06/01/2004 à 21:34, backblue a écrit :
On Tue, 6 Jan 2004 11:47:26 -0700
"Epic" <epic () hack3r com> wrote:
I too tested it on my 2.4.23 kernel with grsec, and nothing.
----- Original Message -----
From: "Daniel Husand" <io () naiv us>
To: <full-disclosure () lists netsys com>
Sent: Tuesday, January 06, 2004 10:54 AM
Subject: [Full-disclosure] Re: Linux kernel do_mremap() proof-of-concept
exploit code
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christophe Devine wrote:
| The following program can be used to test if a x86 Linux system
| is vulnerable to the do_mremap() exploit; use at your own risk.
|
| $ cat mremap_poc.c
|
This didnt do anything on my 2.4.23-grsec kernel.
- --
Daniel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQE/+vZz1PIgHh6MkiIRAiqNAKCiuyxtA9rgaAS+eT3o9ATvLE7EuQCeJAZP
Xf8JIDehgtGba4b1Eb2Qv0w=
=xyYM
-----END PGP SIGNATURE-----
--
Pierre BETOUIN
http://securitech.homeunix.org
http://www.challenge-securitech.com
GnuPG key : E7AD 29A1 7345 5BA0 9469 DE62 2CD5 9242 94D9 CB23
lynx -dump securitech.homeunix.org/pbetouin.asc | gpg --import
Attachment:
signature.asc
Description: Ceci est une partie de message numériquement signée.
 By Date 
By Thread
Current thread:
Re: Linux kernel do_mremap() proof-of-concept exploit code Ariel Biener (Jan 06)
| 
Intro
