Linux Kernel Bashing
August 14th, 2009 by jbrown, Filed under: Commentary, Full Disclosure, Culture, Insider Threat, Networking, Sec Tools
This summer may have caused a few burden’s on linux administrators. By all the patching necessary to keep their systems out of the hands of those who would choose to exploit it, unless your using something like Ksplice, you’ve more than likely rebooted many times already. Well, here is one more reason to wake this early this morning…
New exploits for the “Linux NULL pointer dereference due to incorrect proto_ops initializations” vulnerability have been released, here and here. I just tried the second one out myself on a (currently) fully updated Ubuntu Jaunty workstation, with (_default_) successful results.
linux@ubuntu:~/2009-proto_ops$ sh run.sh
run.c: In function ‘main’:
run.c:13: warning: missing sentinel in function call
padlina z lublina!
# id
uid=0(root) gid=0(root) groups=4(adm),20(dialout),24(cdrom),46(plugdev)
# exit
linux@ubuntu:~/2009-proto_ops$
A reliable local root exploit for that affects all linux kernels 2.x. Feels like 2003 all over again :X
-
Make your website safe from SQL Injection attacks. Signup for a daily penetration testing to protect your network!
Subscribe
Subscribe
I just ran this this morning and it did not work. Here are some details.
Linux@ubuntu:~/Desktop$ sh run.sh
run.c: In function ‘main’:
run.c:13: warning: missing sentinel in function call
padlina z lublina!
mprotect: Cannot allocate memory
Linux@ubuntu:~/Desktop$ id
uid=1000(Linux) gid=1000(Linux) groups=4(adm),20(dialout),24(cdrom),46(plugdev),108(lpadmin),123(admin),124(sambashare),1000(Linux)
Linux@ubuntu:~/Desktop$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=9.04
DISTRIB_CODENAME=jaunty
DISTRIB_DESCRIPTION=”Ubuntu 9.04″
Linux@ubuntu::~/Desktop$ uname -r
2.6.28-14-generic