Re: [Full-disclosure] Linux kernel exploit



Please don't inundate me with e-mail because none of you bothered to read the exploit header.

The exploit so far has a 100% success rate on the systems it was designed to work on.

I don't think this is rocket science. If your distribution does not compile Econet, then the exploit obviously won't be able to open an Econet socket. This includes Arch Linux, Gentoo, Fedora, Red Hat, CentOS, Slackware, and more. This doesn't mean you're not vulnerable, it just means this particular exploit won't work.

If your distro doesn't export the relevant symbols (Debian), ditto above.

If your distro has patched the Econet vulnerabilities I used to trigger this (Ubuntu), ditto above.

This was done on purpose, to avoid giving a weaponized exploit to people who shouldn't have one.

-Dan


Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: "Cal Leeming [Simplicity Media Ltd]"
<cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
Date: Mon, 13 Dec 2010 20:40:45
To: Ariel Biener<ariel@xxxxxxxxxxxxxx>
Cc: <leandro_lista@xxxxxxxxxxxxxx>; <firebits@xxxxxxxxxxxxxxxx>; <bugtraq@xxxxxxxxxxxxxxxxx>; <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Linux kernel exploit

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Relevant Pages

  • Re: [Full-disclosure] Linux kernel exploit
    ... If your distro has patched the Econet vulnerabilities I used to trigger this, ditto above. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Linux kernel exploit
    ... Subject: [Full-disclosure] Linux kernel exploit ... If your distro has patched the Econet vulnerabilities I used to trigger this, ditto above. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Bugtraq)
  • Re: [Full-disclosure] Linux kernel exploit
    ... Subject: [Full-disclosure] Linux kernel exploit ... If your distro has patched the Econet vulnerabilities I used to trigger this, ditto above. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)