Re: [Dailydave] [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable

From: Marcus Meissner (meissnersuse.de)
Date: Mon Jul 20 2009 - 05:01:47 CDT


On Fri, Jul 17, 2009 at 09:23:03AM +0200, yersinia wrote:
> FYI, a Spengler 0-day against SELinux null ptr dereference. Very nice
> to see in action
>
> reference ( with youtube link )
>
> http://grsecurity.net/~spender/cheddar_bay.tgz

Yeah.

Some "minor" bugs and one larger one.

The Linux folks have meanwhile:

- Fixed the actual bug. ;) (CVE-2009-1897)
  Only affects 2.6.30, 2.6.30.1.

  2.6.30.2 release soon.

- Added -fno-delete-null-pointers to their Makefiles

  Also in 2.6.30.2 and 2.

- Fixed the personality - PER_CLEAR_ON_SETTID inheritance issue (CVE-2009-1895)
  to work around mmap_min_addr protection.
  Affects 2.6.23-2.6.30.1

  2.6.30.2 and 2.6.27.x releases soon.

I am not sure about the SELinux policy error he used to
exploit the RHEL 5.? Beta.

Ciao, Marcus
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
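
An added example, not part of the original message: a triage helper that maps a `uname -r` string onto the affected mainline ranges quoted above and reports whether the `mmap_min_addr` protection is enabled. The function names are hypothetical, and the ranges are taken as stated in the message, so fixed 2.6.27.x stable releases (whose version the message does not give) and distribution backports are not distinguished.

```python
import re

# Affected mainline ranges (inclusive) exactly as stated in the message above.
AFFECTED = {
    "CVE-2009-1897": ((2, 6, 30), (2, 6, 30, 1)),
    "CVE-2009-1895": ((2, 6, 23), (2, 6, 30, 1)),
}

def parse_release(release):
    """'2.6.27.10-default' -> (2, 6, 27, 10); a missing 4th field counts as 0."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def _pad(version):
    # Pad 3-field bounds to 4 fields so tuple comparison is well defined.
    return tuple(version) + (0,) * (4 - len(version))

def cves_for(release):
    """Return the CVE ids whose stated range contains this release (upper bound:
    a patched stable or vendor kernel inside the range is still listed)."""
    v = parse_release(release)
    return sorted(cve for cve, (lo, hi) in AFFECTED.items()
                  if _pad(lo) <= v <= _pad(hi))

def mmap_min_addr_enabled(sysctl_text):
    """True if the vm.mmap_min_addr value (text of the sysctl) is non-zero."""
    return int(sysctl_text.strip()) > 0

if __name__ == "__main__":
    import platform
    rel = platform.release()
    try:
        print(rel, "->", cves_for(rel) or "outside the stated ranges")
    except ValueError as exc:
        print(exc)
    try:
        with open("/proc/sys/vm/mmap_min_addr") as fh:
            print("mmap_min_addr enabled:", mmap_min_addr_enabled(fh.read()))
    except OSError:
        print("mmap_min_addr sysctl not available on this system")
```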