[NBLUG/talk] local root exploit, no vendor patches available at the moment
Troy Arnold
fryman at sonic.net
Tue Mar 2 08:34:00 PST 2004
On Tue, Mar 02, 2004 at 10:44:34AM +0100, error wrote:
> Hey everyone,
>
> This is pretty amazing in the "real real bad" department.
>
> http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
>
>
> The exploit in that advisory is simple to use, script kiddies be damned.
>
> Pretty much every (2.4.x,2.6.x) box on the net with local user access
> can be rooted.
>
> I forwarded this along so that those who wonder how hard it is to exploit
> a box (getting root locally) can see this in the real world.
>
> It was posted to bugtraq and it's in the wild.
>
> Anyone have any suggestions for patches to fix this (kernel land
> obviously)?
wget ftp://ftp.sonic.net/mirrors/linux-kernels/v2.4/linux-2.4.25.tar.bz2
...

AFAIK, 2.4.25 is not vulnerable to this. Or do you know something that
the advisory doesn't mention? I ran the POC on my 2.4.25 boxes,
(removing the checks for version <=2.4.24) and I can't get root, d00d!

If you have a working exploit for 2.4.25, share it. I want to root
bolt! ;) (Hi, Scott ;-) )

-troy