Home > Debian, Linux, Security > New local kernel exploit

New local kernel exploit

January 9, 2011 Leave a comment Go to comments

This is a little bit old, but is worth to mention it because on a lot of system is still working. The proof of concept code and a lot of details you will find here: http://bit.ly/fYpOtx . This exploit is based on 3 vulnerabilities found by Nelson Elhage (probably because of that exploit is named full-nelson). As I said the exploit is based on 3 vulnerabilities CVE-2010-4258, CVE-2010-3849 and CVE-2010-3850. The last 2 vulnerabilities are based on Econet protocol driver. If you don’t have this driver loaded exploit will not work. The first vulnerability was founded on 2.6.36.2 and is based on do_exit function which doesn’t handle properly a KERNEL_DS get_fs value.

Anyway the last 2 vulnerabilities were fixed on Debian Security Advisory 2126-1 and without them exploit is not working, so upgrade your computers.

Categories: Debian, Linux, Security Tags: ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.