A closer look into the RSA SecureID software token

Widespread use of smart phones by employees to perform work-related activities has introduced the idea of using these devices as an authentication token. As an example of such attempts, RSA SecurID software tokens are available for iPhone, Nokia and the Windows platforms. Obviously, mobile phones would not be able to provide the level of tamper-resistance that hardware tokens would, but I was interested to know how easy/hard it could be for a potential attacker to clone RSA SecurID software tokens. I used the Windows version of the RSA SecurID Software Token for Microsoft Windows version 4.10 for my analysis and discovered the following issues:

via external blog SensePost.

Malicious backdoor in open-source messaging apps not spotted for 3 months

For almost three months, versions of three widely distributed open-source applications from Horde.org contained a backdoor that allowed attackers to remotely execute malicious PHP code on systems that ran the programs.

via Malicious backdoor in open-source messaging apps not spotted for 3 months.

This is interesting…

“The impact through Linux distribution should be not so important,” Wednesday’s post went on to say. “Only users who have downloaded the source code from FTP are mainly affected.”

Horde’s advisory said the releases were altered after unidentified hackers breached an FTP server used to distribute the installation packages.

Linux vendors rush to patch privilege escalation flaw after root exploits emerge

According to Carsten Eiram, the chief security specialist at vulnerability research firm Secunia, the flaw was introduced in the Linux kernel code in March 2011 and affects versions 2.6.39 and above. “Any Linux distributions providing these kernel versions should be vulnerable,” Eiram said.

via Linux vendors rush to patch privilege escalation flaw after root exploits emerge – Techworld.

Fedora 14 is stuck on 2.6.35 something. This shouldn’t affect CentOS builds either. Sometimes it’s beneficial not to upgrade the OS!

WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs

WPS is a method for setting up a new wireless router for a home network and it includes a way for users to set up the network via an external or internal registrar. In this method, the standard requires a PIN to be used during the setup phase. The PIN often is printed somewhere on the wireless router or access point. The vulnerability discovered in WPS makes that PIN highly susceptible to brute force attempts.

via WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs | threatpost.

“I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide,” Viehbock said in a blog post.