[Canvas] linux_pppolt2p privilege escalation

Alex McGeorge alexm at immunityinc.com
Wed Aug 27 13:35:47 EDT 2014


The American poet Busta Rhymes wrote "you best come correct", words we
try to live by at Immunity and I believe our latest CANVAS measures up
to that principle. Immunity's Linux exploit team has released an exploit
for CVE-2014-4943 with CANVAS v6.95. The exploit currently targets 32-bit,
and x86_64 support is in the works. What's interesting about this bug is
that it goes all the way back to the 3.0 Linux kernel. Which, if you're
playing at home, has seen quite a few releases since.

Linux kernel security is improving, the environment is changing and as a
consequence how you exploit the bug also changes. Some techniques may be
available in a subset of kernels but not another. This means you need to
be on top of your recon game as a penetration tester. The Linux team has
made the exploit as reliable and universal as possible and it certainly
is both of those things, but it still requires some sophistication to
wield appropriately.

We made a video explaining some of the recon suggested and using the
exploit in action here: https://vimeo.com/104520979

