halfdog wrote:
> It seems that at least on 32-bit Debian-sid kernel in VirtualBox
> guest, [1] triggers a kernel-panic. This simple POC does not allow
> privilege escalation although there might be also some time-race
> component involved, sometimes similar code seems to access
> uninitialized memory or triggers NULL-dereferences. Therefore the
> simple POC code could be extended for more extensive testing. See
> [2] for more information.
>
> hd

I've created [1] to ease discovery of new problematic code
combinations. Good use is to run it with e.g.

socat TCP4-LISTEN:1234,reuseaddr=1,fork=1 EXEC:./Virtual86RandomCode,nofork=1

And send random data via network:

tee TestInput < /dev/urandom | socat - TCP4:x.x.x.x:1234 > ProcessedBlocks

And watch your console or dmesg output (when your kernel did not lock
up completely)

hd

[1] http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/Virtual86RandomCode.c

--
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
