search for: zeroday

Hello Warren, On Thu, 2017-02-09 at 15:27 -0700, Warren Young wrote: > So you?ve now sprayed the heap on this system, but you can?t upload > anything else to it because noexec, so?now what? What has our > nefarious attacker gained? So the heap is set with data provided by the (local) attacker who could initialize it to his liking using either of the two memory leaks in the options

...oint out to you is: 1. The 'user' that the 'atacker' can run things as is themselves .. AND 2. They already have shell access on the machine in question and they can already run anything in that shell that they can run via what you are pointing out. 3. If they have access to a zeroday issue that give them root .. they can just use that via their shell that they already have (that you gave them, which they are using) to get root .. they therefore don't need to use this issue at all. ==== All of that said, all memory leaks (and any other bugs) should be fixed. It is just NO...

...ntOS-6.6 and it will not be released for several more days. Rather than wait on the POODLE issue, the CentOS team decided to build a version of this update for 6.5: (the current release, built from openssl-1.0.1e-30.el6_5.2.src.rpm) as well a version based on openssl-1.0.1e-30.el6_6.2.src.rpm as a zeroday update for CentOS-6.6 when it is released. You must also take action to disable SSLv3 as well as installing these update to mitigate POODLE on CentOS-5, CentOS-6 and/or CentOS-7, please see this link for details: http://wiki.centos.org/Security/POODLE Thanks, Johnny Hughes -------------- next...

...ohnny Hughes wrote: > 2. They already have shell access on the machine in question and they > can already run anything in that shell that they can run via what you > are pointing out. No, assuming noexec /home mounts all they can run is system binaries. > 3. If they have access to a zeroday issue that give them root .. they > can just use that via their shell that they already have (that you gave > them, which they are using) to get root .. they therefore don't need to > use this issue at all. No, assuming noexec /home mounts all they have to leverage a zero day are syst...