
local root exploit in the wild!!!

Izhar Firdaus · Feb 11, 2008
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
https://www.redhat.com/archives/fedora-list/2008-February/msg01215.html

https://bugzilla.redhat.com/show_bug.cgi?id=432229

Affected kernels: 2.6.17 till 2.6.24

I tried it on my boxes, and here's the result:

Hoshino
Release: Werewolf
SELinux: Enforcing
Result : R00TED!

[kagesenshi@Hoshino tmp]$ ./a.out
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f95000 .. 0xb7fc7000
[+] root
[root@Hoshino tmp]# uname -a
Linux Hoshino.KageSenshi.Org 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:59 EST 2007 i686 i686 i386 GNU/Linux



Hikari
Release: Rawhide
SELinux: Permissive
Result : Safe (I think)

[izhar@hikari tmp]$ ./a.out
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7f61000 .. 0xb7f93000
Segmentation fault
[izhar@hikari tmp]$ uname -a
Linux hikari.kagesenshi.org 2.6.24-23.fc9 #1 SMP Wed Feb 6 11:36:31 EST 2008 i686 i686 i386 GNU/Linux


I just refreshed the Bugzilla page, and it seems like fixes are on the way for all F7, F8, and Rawhide users.


Comment #9 From Mark J. Cox (Security Response Team) on 2008-02-10 16:05 EST

So to fix this you need 2.6.24.1 +
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44

or if backporting, an earlier kernel plus both
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8811930dc74a503415b35c4a79d14fb0b408a361
and
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44

Comment #10 From Chuck Ebbert on 2008-02-10 22:26 EST

Fixed in:

kernel-2.6.24.1-28.fc9
kernel-2.6.23.15-137.fc8
kernel-2.6.23.15-80.fc7


Great, and thanks!!! Those who are hosting a multiuser system, update your kernels now!
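
An added example, not part of the original post or the Bugzilla thread: a check that classifies a kernel release string against the affected range and the fixed builds quoted above, so patch status is decided by version rather than by whether a test run crashed. The function names and status labels are assumptions made for this example; for non-Fedora kernels it compares the upstream version only and cannot see vendor backports.

```python
import platform
import re

AFFECTED_FROM = (2, 6, 17)    # post: "Affected kernels: 2.6.17 till 2.6.24"
UPSTREAM_FIX = (2, 6, 24, 1)  # Bugzilla comment #9: "you need 2.6.24.1 +"
# Fixed Fedora builds listed in Bugzilla comment #10.
FEDORA_FIXED = ("2.6.24.1-28.fc9", "2.6.23.15-137.fc8", "2.6.23.15-80.fc7")

# version, optional "-build", optional ".fcN" dist tag, e.g. 2.6.23.9-85.fc8
_RELEASE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+(?:\.\d+)*))?(?:\.(fc\d+))?")


def _nums(text):
    """'2.6.23.9' -> (2, 6, 23, 9); a missing field -> ()."""
    return tuple(int(p) for p in text.split(".")) if text else ()


def parse(release):
    """Split a `uname -r` string into (version, build, dist)."""
    m = _RELEASE.match(release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return _nums(m.group(1)), _nums(m.group(2)), m.group(3)


_FIXED_BY_DIST = {parse(r)[2]: parse(r)[:2] for r in FEDORA_FIXED}


def classify(release):
    """Return 'not-affected', 'affected' or 'fixed' (labels are this example's)."""
    version, build, dist = parse(release)
    if version < AFFECTED_FROM:
        return "not-affected"
    if dist in _FIXED_BY_DIST:
        # Fedora: compare version and build against the fixed package.
        fixed = (version, build) >= _FIXED_BY_DIST[dist]
        return "fixed" if fixed else "affected"
    # Other kernels: upstream version only; backported fixes are not detected.
    return "fixed" if version >= UPSTREAM_FIX else "affected"


if __name__ == "__main__":
    running = platform.release()
    print(running, "->", classify(running))
```
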