The discovery and exploitation of CVE-2022-25636


A few weeks ago, out of boredom, Sophos employee Nick Gregory found a nasty (since fixed) security bug (CVE-2022-25636) in the Linux kernel's packet filter (netfilter):

A few weeks ago, I found and reported CVE-2022-25636 - a heap out of bounds write in the Linux kernel. The bug is exploitable to achieve kernel code execution (via ROP), giving full local privilege escalation, container escape, whatever you want.

In this post, I cover the entire process of finding and exploiting the bug (to as much of an extent as I did at least) - from initial “huh that looks weird” to a working LPE.

[...]

One night a few weeks back, I was bored. There were a few other projects I could have worked on, but none of them seemed particularly interesting, so I decided to do some random (kernel) code review. There have been a few notable bugs in the netfilter kernel subsystem that I’ve seen over the past few years (perhaps most notably CVE-2021-22555), so I decided to start looking there. It’s a relatively complex subsystem that’s widely available - the perfect target.

The full write-up can be read here.

Comments

There were a few other projects I could have worked on, but none of them seemed particularly interesting, so I decided to do some random (kernel) code review.

Good grief, what kind of projects could those have been, if he'd rather review kernel code instead of working on them? :)

Yeah, he seems like a badass guy: they hire him to develop company projects x and y, and instead he runs a kernel project that he could just as well do from home as an independent, and he even gets paid for it. No wonder, you have to know how to live.

Windows 95/98: 32 bit extension and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor, written by a 2 bit company that can't stand 1 bit of competition.