Anatomy of an exploit: CVE-2010-3081

/dev/oei

... beats /dev/random for entropy. This is a tumblelog of quotes, links, snippets, and occasionally a few paragraphs of my own. Your feedback is most welcome; please look for "Send a message" on my Google profile

September 24, 2010

Anatomy of an exploit: CVE-2010-3081 → 8:44 am

From the guys at Ksplice:

There are three basic ingredients that typically go into a kernel exploit: the bug, the target, and the payload. The exploit triggers the bug — a flaw in the kernel — to write evil data corrupting the target, which is some kernel data structure. Then it prods the kernel to look at that evil data and follow it to run the payload, a snippet of code that gives the exploit the run of the system.

The bug is the one ingredient that is unique to a particular vulnerability. The target and the payload may be reused by an attacker in exploits for other vulnerabilities — if ‘Ac1dB1tch3z’ didn’t copy them already from an earlier exploit, by himself or by someone else, he or she will probably reuse them in future exploits.

Let’s look at each of these in more detail.