Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable

2009-07-20T00:00:00
ID SECURITYVULNS:DOC:22189
Type securityvulns
Reporter Securityvulns
Modified 2009-07-20T00:00:00

Description

Title says it all, exploit is at: http://grsecurity.net/~spender/cheddar_bay.tgz

Everything is described and explained in the exploit.c file. I exploit a bug that by looking at the source is unexploitable; I defeat the null ptr dereference protection in the kernel on both systems with SELinux and those without. I proceed to disable SELinux/AppArmor/LSM/auditing

Exploit works on both 32bit and 64bit kernels.

Links to videos of the exploit in action are present in the exploit code.

Greets to vendor-sec, -Brad

----- End forwarded message -----

----- End forwarded message -----