full-disclosure-uk May 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] [Dailydave] What RedHa

Re: [Full-disclosure] [Dailydave] What RedHat doesn't want you toknow about ExecShield (without NX)

From: gary sweet <gary.sweet.11_at_nospam>
Date: Tue May 15 2007 - 01:36:11 GMT
To: full-disclosure@lists.grok.org.uk

Brad Spengler wrote: >>> The problem is there's nothing you can do about my attack, >> There are likely similar attacks to the NULL ptr issue. Its just a >> well known/predictable invalid pointer dereference.

> The attack I was referring to was the SELinux disabling, not the kernel exploit which allowed
> me to disable SELinux, although it is also since it's highly unlikely that PaX's UDEREF will be
> implemented in Fedora/RHEL there will be nothing you can do about the class of bugs you
> mention either.

This coming from someone who spends his time 'hunting for Linux kernel vulnerabilities' .. bravo Brad :rolleyes:

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/