[CentOS] Serious attack vector on pkcheck ignored by Red Hat
Leonard den Ottolander
leonard at den.ottolander.nl
Thu Feb 9 21:03:47 UTC 2017
On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote:
> Escalation *requires* attacking a program in a security context other
> than your own.

Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. Then the heap spraying allows this attacker to easily trigger this exploit because he is able to initialize the entire contents of the heap to his liking and thus call whatever function he likes, including the one that will cause the root exploit.

So even though the heap spraying is not an attack in itself it is a serious "crow bar" i.e. attack vector.

If you read the article carefully the author makes no claims that the setuid on the binary is a necessity. He clearly states he is "giving himself a break" by using a setuid binary.

Regards,
Leonard.

--
mount -t life -o ro /dev/dna /genetic/research