[SECURITY-L] [S] linux kernel 2.6 fun. windoze is a joke
CSIRT - UNICAMP
security em unicamp.br
Qua Fev 16 14:01:37 -02 2005
----- Forwarded message from Nelson Murilo <nelson em pangeia.com.br> -----
From: Nelson Murilo <nelson em pangeia.com.br>
Subject: [S] linux kernel 2.6 fun. windoze is a joke
To: seguranca em pangeia.com.br
Date: Tue, 15 Feb 2005 19:53:47 -0200
[http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html]
Georgi Guninski security advisory #73, 2005
linux kernel 2.6 fun. windoze is a joke
Systems affected:
linux kernel 2.6.10, probably earlier 2.6.
2.4 not tested
Date: 15 February 2005
Legal Notice:
This Advisory is Copyright (c) 2005 Georgi Guninski.
You may not modify it and distribute it or distribute parts
of it without the author's written permission - this especially applies to
so called "vulnerabilities databases" and securityfocus, microsoft, cert
and mitre.
If you want to link to this content use the URL:
http://www.guninski.com/where_do_you_want_billg_to_go_today_3.html
Anything in this document may change without notice.
Disclaimer:
The information in this advisory is believed to be true though
it may be false.
The opinions expressed in this advisory and program are my own and
not of any company. The usual standard disclaimer applies,
especially the fact that Georgi Guninski is not liable for any damages
caused by direct or indirect use of the information or functionality
provided by this advisory or program. Georgi Guninski bears no
responsibility for content or misuse of this advisory or program or
any derivatives thereof.
Description:
There is misuse of signed types in 2.6, leading to buffer overflow and
reading kernel memory.
Details:
WDYBTGT3-1:
there is heap overflow in /proc in at least 2.6.10 and 2.6.11rc1-bk6 (
have not tested 2.4) on i386.
[...]
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L