Skip to main content
Log in

Linux 2.6 kernel exploits

Journal in Computer Virology Aims and scope Submit manuscript

Abstract

Exploits are increasingly targeting operating system kernel vulnerabilities. For one, applications in user space are better protected by the developers and the kernel than in the past. Second, the promise of a successful kernel exploit is tantalizing full control over the targeted environment. Under Linux, kernel space exploits differ noticeably from user space exploits. Constraints such as execution context problems, module relocation, system calls usage prerequisites and kernel shellcode development have to be dealt with. These kernel exploits are the focus of this paper. We first give an overview of major kernel data structures which are used to handle processes under Linux 2.6 on an Intel IA-32 architecture. We then illustrate the aforementioned constraints by means of two practical Wifi Linux Drivers Stack Overflow exploits.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

References

  1. the Month Of Kernel Bugs archive http://projects.info-pull.com/mokb/

  2. Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 5.12.1 http://www.intel.com/products/processor/manuals/index.htm

  3. Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 5.11 http://www.intel.com/products/processor/manuals/index.htm

  4. Intel: IA-32 Software Developper’s Manual, Volume 3A: System Programming Guide, Sect. 6.2.1 http://www.intel.com/products/processor/manuals/index.htm

  5. ELF: Executable and Linking Format, http://x86.ddj.com/ftp/manuals/tools/elf.pdf

  6. Robert Love: Linux Kernel Development, Novell Press

  7. Bovet, D.P., Cesati, M.: Understanding the Linux Kernel, O’Reilly

  8. Cache, J.: L.M.H.: Broadcom Wireless Driver Probe Response SSID Overflow http://projects.info-pull.com/mokb/MOKB-11-11-2006.html

  9. Biondi, P.: Scapy, a powerful interactive packet manipulation program http://secdev.org/projects/scapy/

  10. Butti, L., Razniewski, J., Tinnes, J.: Madwifi remote buffer overflow vulnerability http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6332

  11. Starzetz, P: Publicly released linux kernel exploits http://www.isec.pl/

  12. The PaX Team: Linux Kernel patch http://pax.grsecurity.net/

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Stéphane Duverger.

Additional information

This paper is an expanded version of two conference talks given at SSTIC 2007 in Rennes and at SYSCAN 2007 in Singapore.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Duverger, S. Linux 2.6 kernel exploits. J Comput Virol 4, 39–60 (2008). https://doi.org/10.1007/s11416-007-0066-9

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-007-0066-9

Keywords

Navigation