BugTraq
Breaking the links: Exploiting the linker Jun 29 2011 08:53PM
Tim Brown (timb nth-dimension org uk) (1 replies)
Re: [Full-disclosure] Breaking the links: Exploiting the linker Oct 16 2011 06:16PM
Tim Brown (timb nth-dimension org uk)
CVEs have now been assigned to the two previously reported bugs as follows:

> 1) http://www.nth-dimension.org.uk/downloads.php?id=83 - Privesc attack
> using DB2 from normal user to root, the PoC is for Linux but based on
> testing the AIX version looks iffy too although I couldn't get gcc to
> generate a valid library to exploit it.

CVE-2011-4061. FWIW I now have a version of the exploit for this working on
AIX, based on a copy of kbbacf1 from IBM Tivoli Monitoring 6.1.0.6. It
therefore appears that the vulnerable version of kbbacf1 isn't just shipped
with DB2.

> 2) http://www.nth-dimension.org.uk/downloads.php?id=80 - Generic attack on
> the QNX runtime linker which abuses an arbitrary file overwrite and race
> condition to get root.

CVE-2011-4060.

Cheers,
Tim
--
Tim Brown
<mailto:timb (at) nth-dimension.org (dot) uk>
<http://www.nth-dimension.org.uk/>
