author Andreas Kling <kling@serenityos.org> 2021-02-18 12:49:57 +0100
committer Andreas Kling <kling@serenityos.org> 2021-02-18 12:51:13 +0100
commit c2c7c7368b749cca5f182b01231c56aac24a5062 (patch)
tree 89fa7d57311682c8a70e49b20f87f46ddd02af1d
parent a11c065e82b3a186e8146ecaabb1399eabd7d80c (diff)
Website: Add @cees-elzinga's ptrace race + ASLR bypass to bounty page
-rw-r--r-- Meta/Websites/serenityos.org/bounty/index.html | 1
1 files changed, 1 insertions, 0 deletions
diff --git a/Meta/Websites/serenityos.org/bounty/index.html b/Meta/Websites/serenityos.org/bounty/index.html
index bab95c35c9..bead355b92 100644
--- a/Meta/Websites/serenityos.org/bounty/index.html
+++ b/Meta/Websites/serenityos.org/bounty/index.html
@@ -39,6 +39,7 @@
</p>
<p><b>Unclaimed bounties:</b></p>
<ul>
+ <li><b>2021-02-18:</b> <b>cees-elzinga</b> combined a ptrace race condition with an ASLR bypass to modify <code>/etc/passwd</code> and become root. (<a href="https://github.com/SerenityOS/serenity/issues/5230">Bug report and exploit</a>)</li>
<li><b>2021-02-11:</b> <b>vakzz</b> wrote the first-ever full chain exploit, stringing together a LibJS bug and a kernel bug to create a web page that got root access when viewed in our browser. (<a href="https://devcraft.io/2021/02/11/serenityos-writing-a-full-chain-exploit.html">Writeup and exploit</a>)</li>
<li><b>2020-12-22:</b> <b>ALLES! CTF</b> found a kernel LPE due to missing EFLAGS validation in <code>ptrace()</code>. (<a href="https://github.com/allesctf/writeups/blob/master/2020/hxpctf/wisdom2/writeup.md">Writeup and exploit</a>)</li>
<li><b>2020-12-20:</b> <b>yyyyyyy</b> found a kernel LPE due to a race condition between <code>execve()</code> and <code>ptrace()</code>. (<a href="https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/">Writeup and exploit</a>)</li>
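Review bot: the added <li> for 2021-02-18 lands in the list under "Unclaimed bounties:", while the commit message only says "to bounty page"; if this report is meant to be listed as unclaimed, saying so in the message would make the placement unambiguous. On style, the two older ptrace entries in this list name the call as <code>ptrace()</code> and describe the bug class as a "kernel LPE", whereas the new line writes "ptrace race condition" in plain text and describes only the outcome ("become root"); wrapping ptrace in <code> and using the same wording would keep the list consistent. The date-first, newest-on-top ordering and the parenthesised link match the neighbouring items.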