A story of three kernel vulnerabilities

Posted Feb 20, 2013 4:09 UTC (Wed) by rahvin (guest, #16953)
In reply to: A story of three kernel vulnerabilities by hibiscus
Parent article: A story of three kernel vulnerabilities

The point is that even a bad exploit that takes days could be scripted to run automatically while the cracker does other things. Unless you've got some rate limiting on such things a script can be written to automate even a 0.000001% success rate into a 100% success rate given time.

to post comments

A story of three kernel vulnerabilities

Posted Feb 21, 2013 15:03 UTC (Thu) by alankila (guest, #47141) [Link] (1 responses)

To inject some numbers to this claim, and unless I am badly mistaken, the failure chance is 99.999999%. Raising that number to the power of approximately 70 million yields around 50 % success probability. It is fundamentally a matter of chance, so 100% success can never be achieved, though something very close to it can be achieved, of course.

In any case this sort of probabilities require means to fire the attack several times per second or it will probably take years of continuous attempting before succeeding. Unfortunately ptrace sounds like the sort of thing you can try thousands of times per second.

A story of three kernel vulnerabilities

Posted Feb 21, 2013 16:20 UTC (Thu) by drag (guest, #31333) [Link]

I am guessing that those numbers are the worst case scenario when it comes to the viewpoint of the attacker. I would expect that there are a significant number of things that can be done to improve the odds.