Linux Kernel 2.x sock_sendpage() Local Ring0 Root Exploit
/* dedicated to my best friend in the whole world, Robin Price
the joke is in your hands
just too easy — some nice library functions for reuse here though
credits to julien tinnes/tavis ormandy for the bug
may want to remove the __attribute__((regparm(3))) for 2.4 kernels, I have no time to test
spender@www:~$ cat redhat_hehe
I bet Red Hat will wish they closed the SELinux vulnerability when they were given the opportunity to. Now all RHEL boxes will get owned by leeches.c :p
fd7810e34e9856f77cba67f291ba115f33411ebd
d4b0e413ebf15d039953dfabf7f9a2d1
thanks to Dan Walsh for the great SELinux bypass even on “fixed” SELinux policies
and nice work Linus on trying to silently fix an 8 year old vulnerability, leaving vendors without patched kernels for their users.
use ./wunderbar_emporium.sh for everything
don’t have mplayer? watch an earlier version of the exploit at:
*/
http://www.grsecurity.net/~spender/wunderbar_emporium.tgz
back: http://milw0rm.com/sploits/2009-wunderbar_emporium.tgz
# milw0rm.com [2009-08-14]
This one is pretty powerful; I tested it and it seems to work on all of them.
2.6.9
2.6.18
2.4.20
2.4.21
Tested on 4 systems, got root on all of them.
I despise the poster above.