Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: help: I need to crack my box
From: Valdis.Kletnieks () vt edu
Date: Tue, 22 Jul 2008 10:50:39 -0400

On Tue, 22 Jul 2008 10:51:48 +0200, Lucio Crusca said:

tried looking for "2.6.24-1-686 exploit" and "2.6.24-1-686 poc" but I can't
find anything.

Hint - try being a bit less restrictive in the version, and remember that
usually, the posting either includes the release that the hole was introduced,
or when it was fixed.  See Brad Spengler's recent thread, which included
this text:

To illustrate the point, in the kernel, the following fix was 
included with the commit message of:
Roland McGrath (1):
     x86_64 ptrace: fix sys32_ptrace task_struct leak

The kernel was released with no mention of security vulnerabilities in 
the announcement, only "assorted bugfixes".

Put simply, it only took about an hour or so to develop a PoC for this 
exploitable vulnerability which affects 64bit x86_64 kernels since 

Linus released 2.6.24 on Jan 24.  Do the math. ;)

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]