Date: Fri, 14 Aug 2009 13:38:36 +0200 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com Subject: Re: CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc On Fri, Aug 14, 2009 at 09:12:52AM +0800, Eugene Teo wrote: > Marcus Meissner wrote: > > Apparently new root exploit from Brad, see his twitter: > > http://twitter.com/spendergrsec > > > > The video is a bit sick in my opinion. > > > > Disclosed apparently next week. > > So, the cat is out of the bag. The exploit is available, but so is the > patch. > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2692 > http://git.kernel.org/linus/e694958388c50148389b0e9b9e9e8945cf0f1b98 Just for the record, the other members of the affected struct were audited for NULL checks and found clean. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ