Articles with tag - Source-code

21.07 20091

A fascinating Linux kernel vulnerability

By: Frank Breedijk Categories:Security

My collegue Otto Jongerius pointed me to this interesting story from the Internet Storm Center.

Source code for a exploit of a Linux kernel vulnerability has been posted by Brad Spengler (Brad is the author of grsecurity). I have to tell you right now – this was one of the most fascinating bugs I’ve read about lately.

Why is it so fascinating? Because a source code audit of the vulnerable code would never find this vulnerability (well, actually, it is possible but I assure you that almost everyone would miss it). However, when you add some other variables into the game, the whole landscape changes.

While technical details about this are a bit complex, generally what’s happening can be easily explained. The vulnerable code is located in  

read more