Gentoo Archives: gentoo-security

From: Corey Shields <cshields@g.o>
To: dmonnier@×××××××.edu, gentoo-security@g.o
Subject: [gentoo-security] [Fwd: [USSG-Group] [iSEC] Linux kernel do_brk() vulnerability details (fwd)]
Date: Fri, 05 Dec 2003 17:01:08
Message-Id: 3FD10E1F.7020606@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI..

- -------- Original Message --------
Subject: [USSG-Group] [iSEC] Linux kernel do_brk() vulnerability details
(fwd)
Resent-Date: Fri,  5 Dec 2003 14:40:55 -0500 (EST)
Resent-From: group@×××××××.edu
Date: Fri, 5 Dec 2003 14:40:52 -0500 (EST)
From: matt link <mrlink@×××××××.edu>
Reply-To: group@×××××××.edu
To: ussg - group <group@××××××××××××.edu>


fyi, in case you haven't seen this...

Matt Link  --  Unix Systems Support Group
Research and Academic Computing Indiana University

- -- gpg fingerprint --
5783 07D7 057C 40BD C5AE  D352 8277 09B4 5490 4E58
- -- gpg key --
http://ussg.iu.edu/~mrlink/mrlink.pub.key


- ---------- Forwarded message ----------
Date: Fri, 5 Dec 2003 00:04:59 +0100 (CET)
From: Paul Starzetz <paul@××××.pl>
Reply-To: security@××××.pl
To: bugtraq@×××××××××××××.com, vulnwatch@×××××××××.org,
~     full-disclosure@××××××××××××.com
Subject: [iSEC] Linux kernel do_brk() vulnerability details

Hi,

We have released a paper covering technical details of the do_brk() bug
and the results of our research done while writing the exploit code.
It also describes the numerous techniques we have used to create a very
effective exploit code that leads to full privilege escalation even on
systems running a kernel secured with various security patches.

It can be found at: http://isec.pl/papers/linux_kernel_do_brk.pdf

Regards,

- --
Paul Starzetz
iSEC Security Research
http://isec.pl/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/0Q4fpq/4o6MEFFMRAmjqAJ9ki/Srw9VkeolZJ8WinD6o98gPeQCg3w4U
12XUBstU6hOOv0RJC2wI/vA=
=ROig
-----END PGP SIGNATURE-----


--
gentoo-security@g.o mailing list