Brad Spengler Exposes Exploit in Linux Kernel 2.6.31

Sep 18, 2009

The developer behind the grsecurity.net security portal, Brad Spengler, has released videos on the Web that demonstrate a security hole in the current Linux kernel.

Brad Spengler (alias Spender) is a well-known figure in the Linux security field, and publishing the videos on his YouTube channel lends his case credibility. The videos show that the exploit uses a buffer overflow in perf_counter after a kernel crash and that it also bypasses SELinux.

As Spengler shows in his video, the security hole in kernel 2.6.31 also affects 64-bit systems.

Spengler recently followed up his video for a 32-bit system with one showing a 64-bit Ubuntu exploit. He intends to publish details soon. Fortunately, the exploit is currently not freely circulating.

Comments

  • How to mitigate such risks..

    Hi guys,

    At our IT Security Conference, AthCon, www.athcon.org which will be hosted in Athens, Greece in Q2 2010, we'll be discussing how to mitigate such vulnerabilities in production code & how to thwart null pointer dereference vulnerabilities once & forever.

    - AthCon team.