Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Full-Disclosure] Re: Advisory 04/2004: Net(Free)BSD Systrace local root vulnerability
Date: Mon May 10 2004 - 23:26:38 CDT
Just to clarify, this advisory does not involve either of the two
vulnerabilities that I discovered over a year ago now that still remain
unpatched. The one bug is a local root on Linux, NetBSD, FreeBSD,
OpenBSD, and Mac OS X, and any other OS systrace is ported to in the
future. The other bug is a complete bypass of systrace's "security" on
Maybe keep looking Stefan ;)
If you can find them, I'll release my fulling working MENU-BASED
exploit. Actually, I was quite upset at first that someone had killed
my bug but then I read the advisory closer and realized it was a
different local root, imagine that ;) It amazes me that Niels has known
a local root vulnerability has existed in his code for over a year and
yet he hasn't even bothered to audit his own code, but instead continues
to promote it.
"I am looking forward to his local root exploit for systrace."
Sorry Niels, no such luck today :(
It was close!
Full-Disclosure - We believe in it.