[NBLUG/talk] local root exploit, no vendor patches available at the moment

Troy Arnold fryman at sonic.net
Tue Mar 2 08:34:00 PST 2004


On Tue, Mar 02, 2004 at 10:44:34AM +0100, error wrote:
> Hey everyone,
> 
> This is a pretty amazing in the "real real bad" department.
> 
> http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
> 
> 
> The exploit in that advisory is simple to use, script kiddies be damned.
> 
> Pretty much every (2.4.x,2.6.x) box on the net with local user access
> can be rooted.
> 
> I forwarded this along so that wonder how hard it is to exploit a box
> (getting root locally), can see this in the real world.
> 
> It was posted to bugtraq and it's in the wild.
> 
> Anyone have any suggestions for patches to fix this (kernel land
> obviously)?

wget ftp://ftp.sonic.net/mirrors/linux-kernels/v2.4/linux-2.4.25.tar.bz2
...

AFAIK, 2.4.25 is not vulnerable to this.  Or do you know something that
the advisory doesn't mention?  I ran the POC on my 2.4.25 boxes,
(removing the checks for version <=2.4.24) and I can't get root, d00d!

If you have a working exploit for 2.4.25, share it.  I want to root
bolt! ;)  (Hi, Scott ;-) )

-troy



More information about the talk mailing list