Re: Linux kernel exploit

[Thomas SOETE <thomas () soete org>]

Failed on Ubuntu 10.10 (2.6.35-23-generic)

toms@bifrost:/tmp$ uname -a
Linux bifrost 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC
2010 x86_64 GNU/Linux

toms@bifrost:/tmp$ ./a.out
[*] Resolving kernel addresses...
 [+] Resolved econet_ioctl to 0xffffffffa03d9610
 [+] Resolved econet_ops to 0xffffffffa03d9720
 [+] Resolved commit_creds to 0xffffffff810863c0
 [+] Resolved prepare_kernel_cred to 0xffffffff81086890
[*] Calculating target...
[*] Triggering payload...
[*] Exploit failed to get root.



2010/12/7 coderman <coderman () gmail com>:
> On Tue, Dec 7, 2010 at 12:25 PM, Dan Rosenberg
> <dan.j.rosenberg () gmail com> wrote:
> > ... I've included here a proof-of-concept local privilege escalation exploit...
> >  * This exploit leverages three vulnerabilities to get root, all of which were
> >  * discovered by Nelson Elhage:
> > ...
> >  * However, the important issue, CVE-2010-4258, affects everyone, and it would
> >  * be trivial to find an unpatched DoS under KERNEL_DS and write a slightly
> >  * more sophisticated version of this...
>
> nice :)
>
> clearly demonstrates why risk is complicated and seemingly minor
> defects (worth delaying patches for weeks/months? ;) can combine into
> truly ugly vulnerabilities...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/