Uploaded on Sep 18, 2009
In this video I demonstrate a different method of exploiting the recent perf_counter vulnerability, one that doesn't require a NULL mapping. The technique is from nemo, credits to him: it seems quite stable on both single and multi-processor machines (it's been 100% reliable so far). To further demonstrate how easily the vulnerability can be exploited in the face of access control mechanisms, I exploit the vulnerability in the restricted user_u role of SELinux on a fully patched FC11 (which prevents execution of any suid app, among many other things), bypassing execmem restrictions, and finally disable SELinux completely.