Brad Spengler Exposes Exploit in Linux Kernel 2.6.31

Sep 18, 2009

The developer behind the security portal, Brad Spengler, has released videos on the Web that demonstrate a security hole in the current Linux kernel.

Brad Spengler (alias Spender) is a known entity in the Linux security field. Revealing his videos on his YouTube channel certainly lends his case credibility. The videos show that the exploit uses a buffer overflow in perf_counter after a kernel crash, and that it also bypasses SELinux.

As Spengler shows in his video, the kernel 2.6.31 security hole also applies to 64-bit systems.

Spengler recently followed up his video for a 32-bit system with one showing the exploit on 64-bit Ubuntu. He intends to publish details soon. Fortunately, the exploit is currently not freely circulating.


  • How to mitigate such risks..

    Hi guys,

    At our IT Security Conference, AthCon, which will be hosted in Athens, Greece in Q2 2010, we'll be discussing how to mitigate such vulnerabilities in production code & how to thwart null pointer dereference vulnerabilities once & forever.

    - AthCon team.