
KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities.pdf

Uploader: 竿*** ID: 981799 2025-11-29 30 pages 3.28MB

#BHAS BlackHatEvents

KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities
Speakers: Bonan Ruan, Jiahao Liu
Contributors: Chuqi Zhang, Zhenkai Liang

Bonan Ruan, Ph.D. Student, NUS; Ex-NSFOCUS Security Researcher. GitHub: brant-ruan. Homepage: profile.wohin.me. E-mail: r-bonan@comp.nus.edu.sg
Jiahao Liu, Ph.D. Student, NUS. GitHub: ljiahao. Homepage: ljiahao.github.io. E-mail: jiahao99@comp.nus.edu.sg
Chuqi Zhang, Ph.D. Student, NUS. GitHub: Icegrave0391. Homepage: chuqiz.notion.site. E-mail: chuqiz@comp.nus.edu.sg
Zhenkai Liang, Assoc Prof, NUS. Homepage: comp.nus.edu.sg/liangzk. E-mail: liangzk@comp.nus.edu.sg

ABOUT US
nus-curiosity.github.io

KERNJC

ENDLESS KERNEL VULNERABILITIES!
Source: Google kernelCTF (https:/

IMPACT OF KERNEL VULNERABILITIES
Source: Bonan's blog post (https://blog.wohin.me/posts/thoughts-on-vuln-research-2)

REPRODUCTION!
Severity Assessment; Detection & Mitigation; Defense Evaluation; Application Scenarios
What Do We Need for Reproduction? Vulnerable Environment; Proof of Concept (PoC); Brain; Patient; Luck

DON'T TAKE SUCCESSFUL ENV FOR GRANTED!
Hello, when building the test environment, I followed the steps above to compile the kernel. It kept getting stuck. During the test, I didn't find any NFQUEUE rule in the target. At the time, I selected many configs, and it's possible that some configs were not included. First, check if it's an issue with the compilation options.

EXAMPLE: CVE-2021-22555
Description: A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name spac

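Based on "KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities", the key points of the full text are:
1. **Research goal**: automatically generate test environments for Linux kernel vulnerabilities.
2. **Research team**: Bonan Ruan, Jiahao Liu, Chuqi Zhang and Zhenkai Liang.
3. **Tool overview**: KernJC, used for collecting vulnerability information, identifying versions, identifying configurations, and building environments.
4. **Experimental results**: reproduction environments were successfully built for 66 vulnerabilities, 32 of which require non-default configurations identified by KernJC.
5. **Version identification**: 128 vulnerabilities in NVD were found to have incorrect version claims, with a total of 3042 incorrect versions.
6. **Significance of the tool**: improves the efficiency and accuracy of Linux kernel vulnerability research.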