[iSEC] Linux kernel do_brk() vulnerability details

From: Paul Starzetz (paul_at_isec.pl)
Date: 12/05/03

  • Next message: Mandrake Linux Security Team: "MDKSA-2003:111 - Updated rsync packages fix heap overflow vulnerability" 
    Date: Fri, 5 Dec 2003 00:04:59 +0100 (CET)
To: bugtraq@securityfocus.com, <vulnwatch@vulnwatch.org>, <full-disclosure@lists.netsys.com>

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi,

    We have released a paper covering technical details of the do_brk() bug
    and the results of our research done while writing the exploit code.
    It also describes the numerous techniques we have used to create a very
    effective exploit code that leads to full privilege escalation even on
    systems running a kernel secured with various security patches.

    It can be found at: http://isec.pl/papers/linux_kernel_do_brk.pdf

    Regards,

    - --
    Paul Starzetz
    iSEC Security Research
    http://isec.pl/

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE/z7vdC+8U3Z5wpu4RAkP0AKDH0sNST6CjjTmIfGTSETSAa922hgCfR3mz
    tSWdaV41pn1zznrPb/8lQtA=
    =VOlJ
    -----END PGP SIGNATURE-----

  • Next message: Mandrake Linux Security Team: "MDKSA-2003:111 - Updated rsync packages fix heap overflow vulnerability"

    Relevant Pages
    • Quantcast