Brad Spengler Exposes Exploit in Linux Kernel 2.6.31

Sep 18, 2009

The developer behind the security portal, Brad Spengler, has released videos on the Web that demonstrate a security hole in the current Linux kernel.

Brad Spengler (alias Spender) is a known entity in the Linux security field. Revealing his videos on his YouTube channel certainly lends his case credibility. The videos show that the exploit uses a buffer overflow in the perf_counter after a kernel crash, which also bypasses SE Linux.

A recent followup to Spengler's video for a 32-bit system is one for a 64-bit Ubuntu exploit. He intends to publish details soon. Fortunately the exploit is currently not freely circulating.


  • How to mitigate such risks..

    Hi guys,

    At our IT Security Conference, AthCon, which will be hosted in Athens, Greece in Q2 2010, we'll be discussing how to mitigate such vulnerabilities in production code & how to thwart null pointer dereference vulnerabilities once & forever.

    - AthCon team.
comments powered by Disqus

Issue 27: Raspberry Pi Adventures/Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99
(incl. VAT)