On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: > Escalation *requires* attacking a program in a security context other > than your own. Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. Then the heap spraying allows this attacker to easily trigger this exploit because he is able to initialize the entire contents of the heap to his liking and thus call whatever function he likes, including the one that will cause the root exploit. So even though the heap spraying is not an attack in itself it is a serious "crow bar" i.e. attack vector. If you read the article carefully the author makes no claims that the setuid on the binary is a necessity. He clearly states he is "giving himself a break" by using a setuid binary. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
Re: Serious attack vector on pkcheck ignored by Red Hat
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander <leonard@xxxxxxxxxxxxxxxxx>
- Date: Thu, 09 Feb 2017 22:03:47 +0100
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <c034e273-2c7b-1709-242c-c162f4967a13@gmail.com>
- References: <1486045336.5163.6.camel@quad> <bf79662d-62a9-fd7d-bc4d-c96340029f74@hogranch.com> <1486047065.5163.8.camel@quad> <e767e804-f9d6-a45b-5299-7f56579fdb9a@gmail.com> <1486049754.5163.22.camel@quad> <04628b0c-98bd-d3f9-ca84-6adbcd8d5c1c@gmail.com> <1486064784.12088.31.camel@quad> <4a8f0e53-c5b2-61fd-b6cb-21e97f713b7c@gmail.com> <1486067854.12088.47.camel@quad> <c034e273-2c7b-1709-242c-c162f4967a13@gmail.com>
- Follow-Ups:
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Warren Young
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: John R Pierce
- Re: Serious attack vector on pkcheck ignored by Red Hat
- References:
- Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: John R Pierce
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Gordon Messmer
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Leonard den Ottolander
- Re: Serious attack vector on pkcheck ignored by Red Hat
- From: Gordon Messmer
- Serious attack vector on pkcheck ignored by Red Hat
- Prev by Date: Amavisd-new DKIM query timeout
- Next by Date: Re: Checksums for git repo content?
- Previous by thread: Re: Serious attack vector on pkcheck ignored by Red Hat
- Next by thread: Re: Serious attack vector on pkcheck ignored by Red Hat
- Index(es):
 |