|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Juergen Pabel (juergen
pabel.net)Date: Fri Jun 29 2001 - 11:39:08 CDT
Summary:
CylantSecure is a kernel patch and system that analyses behavior and kills
programs that deviates from the "normal" system behaviour. The
vulnerability lies in the processessing delay that occurs between a process
violating some security rule and the actual killing of the process (a user
space analyser). By inserting a module (which in itself is a violation, but
due to the mentioned delay it suceeds) that reroutes function pointers the
system can effectively be disabled. The vulnerability exists in
CylantSecure 1.1 and earlier (the Cylant Team has been notified and is
working on a fix).
Attached is an exploit for this vulnerability.
Juergen Pabel
juergenpabel.net
- text/x-c attachment: moduleloader.c
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]