Illustrating the Linux sock_sendpage() NULL Pointer Dereference

Article Source LWN
August 31, 2009, 3:05 pm

I’ve released an exploit for the Linux sock_sendpage() NULL pointer dereference[1], discovered by Tavis Ormandy and Julien Tinnes. This exploit was written to illustrate the exploitability of this vulnerability on Power/Cell BE architecture.

The exploit makes use of the SELinux and the mmap_min_addr problem to exploit his vulnerability on Red Hat Enterprise Linux 5.3 and CentOS 5.3. The problem, first noticed by Brad Spengler, was described by Red Hat in Red Hat Knowledgebase article: Security-Enhanced Linux (SELinux) policy and the mmap_min_addr protection[2]…

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Achieving Log Centralization and Analysis with Open Source SIEM and XDR: UTMStack

RELATED ARTICLES MORE FROM AUTHOR