kernel module for chmod restrictions while in securelevel one or higher

Kostik Belousov kostikbel at gmail.com
Sat Jul 31 13:04:15 UTC 2010


On Sat, Jul 31, 2010 at 01:59:43PM +0100, Istv??n wrote:
> http://www.securiteam.com/exploits/6P00C00EKO.html
This is an exploit for the archaic SA-05:02.sendfile. Op (semi-)obviously
means exploit for the recent SA-10:07.mbuf, for which I am very
curious whether the working exploit appeared in the wild.

> 
> On Sat, Jul 31, 2010 at 1:41 PM, Kostik Belousov <kostikbel at gmail.com>wrote:
> 
> > On Fri, Jul 30, 2010 at 11:18:39PM -0700, Selphie Keller wrote:
> > > Kernel module for chmod restrictions while in securelevel one or higher:
> > > http://gist.github.com/501800 (fbsd 8.x)
> > >
> > > Was looking at the new recent sendfile/mbuf exploit and it was using a
> > > shellcode that calls chmod syscall to make a setuid/setgid binary.
> > However
> > Can you point to the exploit (code) ?
> >
> 
> 
> 
> -- 
> the sun shines for all
> 
> http://l1xl1x.blogspot.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20100731/5f24d825/attachment.pgp


More information about the freebsd-security mailing list