From "No Way" to 0-day: Weaponizing the Unweaponizable

Many system administrators take a patch for a denial of service attack to be optional. What's the worst that could happen? Oh no -- a local user could crash the system. We'll just reboot it; MyPhpGresQL.py on Rails is totally transactional, right? Commit messages fixing these sorts of crashes characteristically underreport the impact, too: "allows attackers to cause an application crash".

In some cases, the descriptions are correct; the worst that can happen is that the system will crash. Too often, though, the risk is under-assessed. Although an application may not be vulnerable to a simple stack-smashing buffer overflow, that's not all that an attacker can do! This talk will take a recent Linux kernel CVE for a denial of service attack and weaponize it into a privilege escalation.

An understanding of some of the inner workings of the Linux kernel, and of operating system concepts in general, will greatly enhance your experience at this talk, but may not be necessary.
