Archives
CVE-2010-4258: Turning denial-of-service into privilege escalation
Dan Rosenberg recently released a privilege escalation bug for Linux, based on three different kernel vulnerabilities I reported recently. This post is about CVE-2010-4258, the most interesting of them, and, as Dan writes, the reason he wrote the exploit in the first place. In it, I’m going to do a brief tour of the various [...]
Dec 10th, 2010 | Filed under Computer Security, linux
A brief look at Linux’s security record
After the fuss of the last two weeks because of CVE-2010-3081 and CVE-2010-3301, I decided to take a look at a handful of the high-profile privilege escalation vulnerabilities in Linux from the last few years. So, here’s a summary of the ones I picked out. There are also a large number of smaller ones, like [...]
Sep 26th, 2010 | Filed under Computer Security, linux
Navigating the Linux Kernel
In response to my query last time, ezyang asked for any tips or tricks I have for finding my way around the Linux kernel. I’m not sure I have much in the way of systematic advice for tracking down the answers to questions about the Linux kernel, but thinking about what I do when posed [...]
Aug 15th, 2010 | Filed under linux
CVE-2007-4573: The Anatomy of a Kernel Exploit
CVE-2007-4573 is two years old at this point, but it remains one of my favorite vulnerabilities. It was a local privilege-escalation vulnerability on all x86_64 kernels prior to v2.6.22.7. It’s very simple to understand with a little bit of background, and the exploit is super-simple, but it’s still more interesting than Yet Another NULL Pointer [...]
Feb 5th, 2010 | Filed under Computer Security