Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 14 Aug 2009 13:38:36 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc

On Fri, Aug 14, 2009 at 09:12:52AM +0800, Eugene Teo wrote:
> Marcus Meissner wrote:
> > Apparently new root exploit from Brad, see his twitter:
> > http://twitter.com/spendergrsec
> > 
> > The video is a bit sick in my opinion.
> > 
> > Disclosed apparently next week.
> 
> So, the cat is out of the bag. The exploit is available, but so is the
> patch.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2692
> http://git.kernel.org/linus/e694958388c50148389b0e9b9e9e8945cf0f1b98

Just for the record, the other members of the affected struct were audited for
NULL checks and found clean.

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ