[Dailydave] Remote kernel bug in SCTP?
sgrakkyu
sgrakkyu at openssl.it
Mon Apr 27 21:49:37 EDT 2009
dave wrote:
> Did everyone else already know about this bug? So you connect to an SCTP
> endpoint, then send a packet to overwrite arbitrary kernel data? That'd
> be cool.
>
> This is where Phillipe tells us about his scanner from 2002. :>
>
> -dave
>
Hi everybody, I saw a stream of mails wondering about this SCTP
issue: some sayin' it's a D.o.S., some others thinking about a local
exploit.
It started as a challenge and it ended up as a lot of fun and a reliable
one-shot remote exploit for Linux SLUB/SLABs.
Here is the link: http://sgrakkyu.antifork.org/sctp_houdini.c
(it covers x86-64 kernels only)
and here is a small blog post I made for it:
http://kernelbof.blogspot.com
More details might be added, if someone is interested.
Hope you'll have at least half of the fun I had in developing it :)
Cheers,
-sgrakkyu