sgrakkyu’s SCTP Remote kernel root
I just saw this blog entry with that excellent exploit code.I had blogged about that bug on January and I was saying that it was exploitable but not a really simple one. Since the overwrite was limited to __u16 and it was on SLAB allocated memory. I had written a simple PoC that triggered that bug but I’ve never thought that someone will spend enough time to write this.
However, sgrakkyu wrote one of the greatest codes I’ve read so far. Well, I cannot say anything else on this… Thank you sgkrakkyu for sharing all this knowledge! :-)