CWP panel
Looking into the Looney Tunable Linux Privesc CVE-2023-4911
Looking into the Looney Tunable Linux Privesc CVE-2023-4911
#Looney #Tunable #Linux #Privesc #CVE20234911
“IppSec”
00:00 – Introduction talking about what the Looney Tunable exploit is and my thoughts on the severity of the exploit
02:30 – Start talking about how the vulnerability works
04:00 – The POC String to identify if a box is vulnerable, it doesn’t actually exploit but quickly identifies if a…
source
To see the full content, share this page by clicking one of the buttons below |
A little mistake I noticed around 7:50; "We use calloc to write"
Actually we donβt write with calloc, but with the parse_tunable. The program expects the calloc to return nulled memory (which does make sense), but this does not apply here, because an attacker may overflow into this range. So the calloc returns a pointer into our overflow
I tried the method you mentioned, I got ubuntu 22 iso, installed it on my virtualbox while my laptop was disconnected from internet, deleted the unattended-upgrades package then connected to the internet. at first when I ran the command that shows that it's vulnerable it worked, then after a while it gave the su page. Could you tell me what might be the problem?
Thank you.
Push!
i am living under the rock πΏ
IPPSEC FACE REVEAL!!!
Very nice video as always!
Sei un grande ti ammiroπͺπΌπͺπΌπͺπΌπͺπΌ
woww ippsec shows his face now
You do not look like i thought you would
Hi, it's good to see your face, it's better for you, you'll get even more viewers, you're the best!
Its like seeing shaggy from Scooby Doo with higher IQ.π love you man
thanks a lot, which screen recording software you are using ?
Ippsec rocks! π
I've been following this account since 2018, maybe even 2017 and not once have I seen ipps face. I come to the comments and notta one?! What? I've clearly been living under a rock.
Ippsec is god π₯
π₯
yes, I like explanation videos. I always curious about how it all works!
I need your t-shirt π
ALWAYS fascinated with your content. Thanx for sharing Ipp…
Most boring video from IppSec. Cuz I don't live under a rock.
It was interesting tho π
great to finally see you! haha
Happy you decided to show that beautiful face!
Thanks for your excellent explanation.this exploit is a box killer. I guess this vuln will be patched in no time on HTB. I just love your new format of videos. This one came out at the exact right time for me!
Off topic question, but does anyone know which microphone this is?
I been camping does that count as being under a rock? LOL awesome content as always! o/
I'm obsessed with the TMNT/Red Team shirt. Excellent video! Thank you.
Thanks for sharing, hope more vids like this.
Thank you β€
Nice! If I get it correctly, if the build id is unknown, you can't find the offset if ASLR is enabled?
Daniel graham goated
10:47 ππ
Looks like ippsec sounds like John hammond
ive been binge watching ur hackthebox videos ! πππ€π€
Love this ππΌππΌ
We would love to see attack and detect video's.
Thank you Thank you Thank you!!!
Thx For Upload π
Always Watching Your New Video π