Credit: Wei Yongjun and sgrakkyu
Remote kernel memory corruption vulnerabilities are rare, remote kernel memory corruption vulnerabilities that are reliably exploitable are even more rare. This vulnerability was a memory corruption in the Linux 2.6 kernel SCTP stack. After a number of the Linux distributions released security advisories claiming that the impact of this bug was only denial of service, sgrakkyu wrote an exploit that actually demonstrated that it was much more serious. The exploit works against vulnerable x86-64 hosts, disabling SELinux if necessary, and popping a remote connect-back shell for the attacker. Good show.