GO IT WORLD | IT TECH | IT NEWS » kernel

Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation

jason — Fri, 05 Aug 2011 03:57:03 +0000

This custom_method file allows to inject custom ACPI methods into the ACPI interpreter tables. This control file was introduced with world writeable permissions in Linux Kernel 2.6.33.

/*
* american-sign-language.c
*
* Linux Kernel < 2.6.37-rc2 ACPI custom_method Privilege Escalation
* Jon Oberheide <jon@oberheide.org>
* http://jon.oberheide.org
*
* Information:
*
*   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4347
*
*   This custom_method file allows to inject custom ACPI methods into the ACPI
*   interpreter

… Read the rest

how to resolve kernel: printk: xxx messages suppressed

jason — Tue, 06 Apr 2010 11:47:46 +0000

I find a lot of error log on my proxy server:

Jan 22 22:57:37 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:00:04 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:00:09 streams1 kernel: printk: 1 messages suppressed.
Jan 22 23:00:13 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:00:20 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:00:25 streams1 kernel: printk: 3 messages suppressed.
Jan 22 23:00:29 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:00:34 streams1 kernel: printk: 2 messages suppressed.
Jan 22 23:00:45 streams1 kernel: printk: 3 messages suppressed.… Read the rest

Linux Kernel < 2.6.19 udp_sendmsg Local Root Exploit

jason — Thu, 03 Sep 2009 05:27:12 +0000

/***********************************************************
* hoagie_udp_sendmsg.c
* LOCAL LINUX KERNEL ROOT EXPLOIT (< 2.6.19) – CVE-2009-2698
*
* udp_sendmsg bug exploit via (*output) callback function
* used in dst_entry / rtable
*
* Bug reported by Tavis Ormandy and Julien Tinnes
* of the Google Security Team
*
* Tested with Debian Etch (r0)
*
* $ cat /etc/debian_version
* 4.0
* $ uname -a
* Linux debian 2.6.18-4-686 #1 SMP Mon Mar… Read the rest

Linux Kernel 2.x sock_sendpage() Local Ring0 Root Exploit

jason — Sat, 15 Aug 2009 12:46:00 +0000

/* dedicated to my best friend in the whole world, Robin Price
the joke is in your hands

just too easy — some nice library functions for reuse here though

credits to julien tinnes/tavis ormandy for the bug

may want to remove the __attribute__((regparm(3))) for 2.4 kernels,
I have no time to test

spender@www:~$ cat redhat_hehe
I bet Red Hat will wish they closed the SELinux vulnerability when they
were given the opportunity to. Now all RHEL boxes will get owned by
leeches.c :p

fd7810e34e9856f77cba67f291ba115f33411ebd… Read the rest

Linux Kernel <= 2.6.28.3 set_selection() UTF-8 Off By One Local Exploit

jason — Sun, 12 Jul 2009 11:11:07 +0000

/* CVE-2009-1046 Virtual Console UTF-8 set_selection() off-by-one(two) Memory Corruption
* Linux Kernel <= 2.6.28.3
*
* coded by: sgrakkyu <at> antifork.org
* http://kernelbof.blogspot.com/2009/07/even-when-one-byte-matters.html
*
* Dedicated to all people talking nonsense about non exploitability of kernel heap off-by-one overflow
*
* NOTE-1: you need a virtual console attached to the standard output (stdout)
* – physical login
* – ptrace() against some process with the same uid already attached to a VC
* – remote management ..… Read the rest

Network Security with Linux Kernel

jason — Tue, 06 Jan 2009 13:25:07 +0000

The proc filesystem offers some significant enhancements to your network security settings. Unfortunately, most of us are unaware of anything beyond the vague rumors. In the article, we’ll review some of the basic essentials of the kernel parameters necessary by altering /proc filesystem to add to the overall network security of your Linux server.

The proc filesystem is a area of more frequently being neglected. The pseudo file structure within proc allows you to interface with the internal data structures in the kernel, either obtaining information about the system or changing specific settings.

IP Specific Settings

IP forwarding of… Read the rest