Re: [Ciotoflow] Bug mysql

Nachricht löschen

Nachricht beantworten
Autor: ono-sendai
Datum:  
To: Flussi di ciotia.
Betreff: Re: [Ciotoflow] Bug mysql
On 18/06/2012 13:15, Luca Bruno wrote:

> pgsql ftw


Luca bru'!!Scrivi come giochi! Comunque a proposito di vulnerabilita' "bizzarre"
ci aggiungo questa [0] che sembra riguardare ogni processore intel x86-64

"A ring3 attacker may be able to specifically craft a stack frame to be executed
by ring0 (kernel) after a general protection exception (#GP). The fault will be
handled before the stack switch, which means the exception handler will be run
at ring0 with an attacker's chosen RSP causing a privilege escalation."

Che dire...sticazzi!

[0]
http://www.theverge.com/2012/6/18/3092949/security-vulnerability-x86-64-intel-processor