Full Disclosure: Re: help: I need to crack my box

[Valdis.Kletnieks () vt edu]

On Tue, 22 Jul 2008 10:51:48 +0200, Lucio Crusca said:

> tried looking for "2.6.24-1-686 exploit" and "2.6.24-1-686 poc" but I can't
> find anything.
Hint - try being a bit less restrictive in the version, and remember that
usually, the posting either includes the release that the hole was introduced,
or when it was fixed.  See Brad Spengler's recent thread, which included
this text:

> To illustrate the point, in the 2.6.25.10 kernel, the following fix was 
> included with the commit message of:
> Roland McGrath (1):
>      x86_64 ptrace: fix sys32_ptrace task_struct leak
> The kernel was released with no mention of security vulnerabilities in 
> the announcement, only "assorted bugfixes".
> Put simply, it only took about an hour or so to develop a PoC for this 
> exploitable vulnerability which affects 64bit x86_64 kernels since 
> January.
Linus released 2.6.24 on Jan 24.  Do the math. ;)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/