Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Uploaded on Sep 18, 2009
In this video I demonstrate a different method of exploiting the recent perf_counter vulnerability where it doesn't require a NULL mapping. The technique is from nemo, credits to him: it seems quite stable on both single and multi-processor machines (it's been 100% reliable so far). To further demonstrate how easy the vulnerability can be exploited in the face of access control mechanisms, I exploit the vulnerability in the restricted user_u role of SELinux on a fully patched FC11 (which prevents execution of any suid app, among many other things), bypassing execmem restrictions, and finally disable SELinux completely.