[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] Local vmsplice root exploit. Patch up!

To: sheflug@xxxxxxxxxxxxxx
Subject: [Sheflug] Local vmsplice root exploit. Patch up!
From: John Beaumont <john@xxxxxxxxxxxxxxxxxx>
Date: Mon, 11 Feb 2008 20:34:56 +0000
Delivered-to: sheflug@meiring.org.uk
List-help: <mailto:sheflug-request@sheflug.org.uk?subject=help>
List-id: <sheflug_sheflug.org.uk.sheflug.org.uk>
List-post: <mailto:sheflug@sheflug.org.uk>
List-subscribe: <http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk>, <mailto:sheflug-request@sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk>, <mailto:sheflug-request@sheflug.org.uk?subject=unsubscribe>
Reply-to: sheflug@xxxxxxxxxxxxxx
Sender: sheflug-bounces@xxxxxxxxxxxxxx

I'm sure you've all read about this on Slashdot. But just in case here's
the link http://it.slashdot.org/it/08/02/10/2011257.shtml


Owning your own box has never been so much fun. I was able to gain root
on my Ubuntu machine in 10 seconds:

john@nebulous:~/Desktop$ gcc exploit.c -o exploit
exploit.c:289:28: warning: no newline at end of file
john@nebulous:~/Desktop$ chmod u+x exploit
john@nebulous:~/Desktop$ ./exploit
-----------------------------------
 Linux vmsplice Local Root Exploit
 By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7dba000 .. 0xb7dec000
[+] root
root@nebulous:~/Desktop# whoami
root





_______________________________________________
        Sheffield Linux User's Group
  http://www.sheflug.org.uk/mailfaq.html
 GNU - The choice of a complete generation

Prev by Date: [Sheflug] ShefLUG - February Meeting
Next by Date: [Sheflug] No More Music
Previous by thread: [Sheflug] ShefLUG - February Meeting
Next by thread: [Sheflug] No More Music
Index(es):
- Date
- Thread