OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Full-disclosure] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable

From: Brad Spengler (spendergrsecurity.net)
Date: Thu Jul 16 2009 - 21:26:45 CDT


Title says it all, exploit is at:
http://grsecurity.net/~spender/cheddar_bay.tgz

Everything is described and explained in the exploit.c file.
I exploit a bug that by looking at the source is unexploitable;
I defeat the null ptr dereference protection in the kernel on
both systems with SELinux and those without.
I proceed to disable SELinux/AppArmor/LSM/auditing

Exploit works on both 32bit and 64bit kernels.

Links to videos of the exploit in action are present in the exploit
code.

Greets to vendor-sec,
-Brad

----- End forwarded message -----

----- End forwarded message -----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKX+FkmHm2SUJF1GoRAhrwAJ9DTa3N1Ljs8Ek+WrsWXpqtcTjPPwCePCbW
0vHH8sF2DdXy4HdAR6JQXq0=
=99Wv
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/