| Summary: | sys-kernel/* registration weakness in linux kernel's binary formats | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Carsten Lohrke (RETIRED) <carlo> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | kernel |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Carsten Lohrke (RETIRED)
SHELLCODE Security Research <GoodFellas@shellcode.com.ar> sent the following to full disclosure

--

Hello,

The present document aims to demonstrate a design weakness found in the handling of simply linked lists used to register binary formats handled by Linux kernel, and affects all the kernel families (2.0/2.2/2.4/2.6), allowing the insertion of infection modules in kernel space that can be used by malicious users to create infection tools, for example rootkits.

POC, details and proposed solution at:

English version: http://www.shellcode.com.ar/docz/binfmt-en.pdf
Spanish version: http://www.shellcode.com.ar/docz/binfmt-es.pdf

regards,

--

SHELLCODE Security Research TEAM
GoodFellas@shellcode.com.ar
http://www.shellcode.com.ar

--

I'm looking through the last weeks vulnerability reports atm., if we have missed one. I did not examine the paper, but it looks good enough to let some kernel guy have a look (and possibly dismiss it).

the paper is just fucking stupid ... the guys who wrote it need to be shot

this is a feature, not a bug