Re: [Ciotoflow] Bug mysql

Supprimer ce message

Répondre à ce message
Auteur: ono-sendai
Date:  
À: Flussi di ciotia.
Sujet: Re: [Ciotoflow] Bug mysql
On 18/06/2012 13:15, Luca Bruno wrote:

> pgsql ftw


Luca bru'!!Scrivi come giochi! Comunque a proposito di vulnerabilita' "bizzarre"
ci aggiungo questa [0] che sembra riguardare ogni processore intel x86-64

"A ring3 attacker may be able to specifically craft a stack frame to be executed
by ring0 (kernel) after a general protection exception (#GP). The fault will be
handled before the stack switch, which means the exception handler will be run
at ring0 with an attacker's chosen RSP causing a privilege escalation."

Che dire...sticazzi!

[0]
http://www.theverge.com/2012/6/18/3092949/security-vulnerability-x86-64-intel-processor