[Dailydave] Remote kernel bug in SCTP?

Jeremy Brown 0xjbrown41 at gmail.com
Tue Apr 28 11:52:09 EDT 2009


I love the amount of research you put into this; challenges can be fun
and quite beneficial, as we all know. Although the world just tilted
slightly, great work =)

On Mon, Apr 27, 2009 at 9:49 PM, sgrakkyu <sgrakkyu at openssl.it> wrote:
> dave wrote:
>> Did everyone else already know about this bug? So you connect to an SCTP
>> endpoint, then send a packet to overwrite arbitrary kernel data? That'd
>> be cool.
>>
>> This is where Phillipe tells us about his scanner from 2002. :>
>>
>> -dave
>>
>
> Hi everybody, I saw some stream of mails wondering about this SCTP
> issue: some sayin' it's a D.o.S., some other thinking about a local
> exploit.
> It started as a challenge and it ended up as a lot of fun and a reliable
> one-shot remote exploit for Linux SLUB/SLABs.
>
> Here you go the link: http://sgrakkyu.antifork.org/sctp_houdini.c
> (it covers x86-64 kernels only)
>
> and here you go a small blog post I made for it:
> http://kernelbof.blogspot.com
> More details might be added, if someone is interested.
> Hope you'll have at least half of the fun I had in developing it:)
>
> Cheers,
>
>  -sgrakkyu
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>