September 28, 2016

Exploit OOPS: Root Privileges on Linux

Security researcher Dan Rosenberg presents a small demo program which combines several security holes to obtaiLive Hacking Linux CDn root privileges on Linux systems on Full Disclosure Security mailing list.

He combined some existing vulnerabilities with the vulnerability discovered by Nelson Elhage in connection with the kernel’s thread management and troubleshooting routines (CVE-2010-4258).With this exploit, an attacker can potentially exploit an OOPS to write a null byte into the kernel’s memory area. [Read more…]