Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c
From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 1 Jul 2013 10:46:05 +0200

On Sun, Jun 30, 2013 at 04:34:16PM -0700, Steven Ciaburri wrote:
Kurt,

I just loaded a a virtual machine at Rackspace Cloud running RHEL. It is a Xen based VM.

[steven () rhel ~]$ ./a.out
[+] giving ourselves some poison...
[+] polluted kernelspace with more crap
[+] polluted kernelspace with more crap
[+] polluted kernelspace with more crap
[+] polluted kernelspace with more crap
[+] polluted kernelspace with more crap
[+] polluted kernelspace with more crap
[+] polluted kernelspace with more crap

at which point the server kernel paniced. 

The server is running 2.6.32-358.11.1.el6.x86_64
I did discover that it appears with SELINUX enabled the POC can go through a considerable amount of tries before it 
crashes.

Cool, so SELinux is actually doing its job. :)

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team


  By Date           By Thread  

Current thread:
  • Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Sebastian Krahmer (Jul 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]