FD ~UA feed

a guest
Apr 6th, 2018
<<** // Full-disclosure moderator Matthew Fernandez getting passive aggressive after ~UA proves double-free bypass bug exists \\ **>>

Matthew Fernandez <matthew.fernandez@gmail.com>
27 Mar (10 days ago)
to me, fulldisclosure
Maybe I'm misunderstanding something, but what is the vulnerability here? It looks like you are just demonstrating that a program can corrupt its own heap, which it can already do in numerous other ways.
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/

keliikoa kirland <keliikoakirland@gmail.com>
5 Apr (1 day ago)
to Matthew
Hey I'm back ;PpPpP
It's an actual mmap() bug, https://github.com/torvalds/linux/blob/master/mm/mmap.c#L212

        /*
         * Check against rlimit here. If this check is done later after the test
         * of oldbrk with newbrk then it can escape the test and let the data
         * segment grow beyond its set limit the in case where the limit is
         * not page aligned -Ram Gupta
         */
        if (check_data_rlimit(rlimit(RLIMIT_DATA), brk, mm->start_brk,
                              mm->end_data, mm->start_data))
                goto out;

        newbrk = PAGE_ALIGN(brk);
        oldbrk = PAGE_ALIGN(mm->brk);
        if (oldbrk == newbrk)
                goto set_brk;


albeit.


fulldisclosure-owner@seclists.org
10:59 (1 hour ago)
to me
Your request to the Fulldisclosure mailing list

Posting of your message titled "In response to Matthew Fernandez
<matthew.fernandex@gmail.com> Double-free() bypass"

has been rejected by the list moderator. The moderator gave the
following reason for rejecting your request:

"It's not clear what you are demonstrating here. The comment says
they need to have rlimit check before the oldbrk test and they do. It
looks like the comment and the test have been there for years, so they
didn't just add this as a fix. You may be right about there being a <--- lol
bug, but perhaps you can resend this to the list but with more clarity <---- lol
as to what it is so the listmembers better understand what you're
saying? Thanks!"

Any questions or comments should be directed to the list administrator
at:

fulldisclosure-owner@seclists.org


keliikoa kirland <keliikoakirland@gmail.com>
12:47 (4 minutes ago)
to fulldisclosure.
Eh? That's exactly what I was trying to exclaim; albeit, "It
looks like the comment and the test have been there for years, so they
didn't just add this as a fix." That's the bug Matthew; self-explanatory, thanks.