From: Solar Designer <solar-cxoSlKxDwOJWk0Htik3J/w <at> public.gmane.org>
Subject: Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Newsgroups: gmane.comp.security.oss.general
Date: Monday 25th February 2013 16:12:08 UTC
On Mon, Feb 25, 2013 at 11:41:33AM +0100, Mathias Krause wrote:
> But sorry, I won't disclose any further details, to not get into legal
> issues. In Germany it's quite hairy to do things like that :/
> But I can provide you my PoC in a private email -- for security
> evaluation.

This is not necessary since we don't use these "too recent" kernels, but
thanks for offering.

Here's a curious tweet:

<_argp> Since full-disclosure has been DDoSed to oblivion, here's huku's
sock_diag 1 year-old exploit: http://pastebin.com/gwn1qErx

The pastebin has:

---
Who the fuck DDoS'ed full-disclosure? ;)

http://sysc.tl/mpougatsa_me_krema_kai_milko.tgz

---------- Forwarded message ----------
From: huku 
Date: Mon, 25 Feb 2013 01:18:38 +0200
Subject: CVE-2013-1763 local root exploit
To: [email protected]

Greetings fly to Daphne Rosen, Gianna Michaels and Carmella Bing.

./hk
---

SHA-1:
c5904fdaea3e212bb84592e6e2ce3a640b14308c  mpougatsa_me_krema_kai_milko.tgz

Two of the files in the tarball have timestamps of 2012-07-14.  Of
course, this is no proof, but it does appear that the bug was privately
known since about July 2012.  The README says:

"A trimmed down version of an old exploit for the recently published
`sock_diag_handlers[]' vulnerability :("

The code contains:

  printf("Linux kernel >= 3.2 NETLINK_INET_DIAG 0day\n");
  printf("by huku \n");

Is ">= 3.2" an error (should have been ">= 3.3" as your original posting
in here said)?  (The difference may be whether Ubuntu 12.04 is affected.)

Alexander