Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

Linux vulnerable to null pointer dereference exploits.

And yet another reminder that you should always check pointers for NULL before dereferencing them. Also, did you know that gcc disables "unnecessary" null pointer checks with -O2? Use -fno-delete-null-pointer-checks to prevent this from happening. To quote man gcc: "The compiler assumes that dereferencing a null pointer would have halted the program.  If a pointer is checked after it has already been dereferenced, it cannot be null. In some environments, this assumption is not true, and programs can safely dereference null pointers." It is sometimes possible to have 0x00000000 mapped to userspace (in this case by way of a kernel module and a setuid pulseaudio), thus preventing the segmentation fault that would usually occur when remapping 0x00000000 to your own code.

More details here (in German, but very informative): http://www.heise.de/newsticker/Root-Exploit-fuer-Linux-Kernel-veroeffentlicht--/meldung/142171 and here for the exploit itself: http://lists.grok.org.uk/pipermail/full-disclosure/2009-July/069714.html and more explanation here: http://isc.sans.org/diary.html?storyid=6820
Reposted bySteveClement SteveClement

Don't be the product, buy the product!