Re: Serious attack vector on pkcheck ignored by Red Hat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote:
> Escalation *requires* attacking a program in a security context other 
> than your own.

Not necessarily. Suppose the adversary is aware of a root
exploit/privilege escalation in a random library. Then the heap spraying
allows this attacker to easily trigger this exploit because he is able
to initialize the entire contents of the heap to his liking and thus
call whatever function he likes, including the one that will cause the
root exploit.

So even though the heap spraying is not an attack in itself it is a
serious "crow bar" i.e. attack vector.

If you read the article carefully the author makes no claims that the
setuid on the binary is a necessity. He clearly states he is "giving
himself a break" by using a setuid binary.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux