|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-Disclosure] Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability
spender
grsecurity.net
Date: Mon May 10 2004 - 23:26:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Just to clarify, this advisory does not involve either of the two
vulnerabilities that I discovered over a year ago now that still remain
unpatched. The one bug is a local root on Linux, NetBSD, FreeBSD,
OpenBSD, and Mac OS X, and any other OS systrace is ported to in the
future. The other bug is a complete bypass of systrace's "security" on
Linux.
Maybe keep looking Stefan ;)
If you can find them, I'll release my fulling working MENU-BASED
exploit. Actually, I was quite upset at first that someone had killed
my bug but then I read the advisory closer and realized it was a
different local root, imagine that ;) It amazes me that Niels has known
a local root vulnerability has existed in his code for over a year and
yet he hasn't even bothered to audit his own code, but instead continues
to promote it.
http://monkey.org/openbsd/archive/misc/0304/msg01400.html
"I am looking forward to his local root exploit for systrace."
Sorry Niels, no such luck today :(
It was close!
-Brad
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]