| 1 |
on hardened I got next |
| 2 |
|
| 3 |
----------------------------------- |
| 4 |
Linux vmsplice Local Root Exploit |
| 5 |
By qaaz |
| 6 |
----------------------------------- |
| 7 |
[+] mmap: 0x0 .. 0x1000 |
| 8 |
[+] page: 0x0 |
| 9 |
[+] page: 0x20 |
| 10 |
[+] mmap: 0x4000 .. 0x5000 |
| 11 |
[+] page: 0x4000 |
| 12 |
[+] page: 0x4020 |
| 13 |
[+] mmap: 0x1000 .. 0x2000 |
| 14 |
[+] page: 0x1000 |
| 15 |
[+] mmap: 0x51e7d000 .. 0x51eaf000 |
| 16 |
ïÛÉÂËÁ ÓÅÇÍÅÎÔÉÒÏ×ÁÎÉÑ - Segmentation Fault |
| 17 |
|
| 18 |
I think PaX prevent exploit)) |
| 19 |
|
| 20 |
áÌÅËÓÅÊ ìÅÓÏ×ÓËÉÊ ÐÉÛÅÔ: |
| 21 |
> Ok. I compiled this sources successful, and vhen I execute him I got next |
| 22 |
> |
| 23 |
> ----------------------------------- |
| 24 |
> Linux vmsplice Local Root Exploit |
| 25 |
> By qaaz |
| 26 |
> ----------------------------------- |
| 27 |
> [-] !@#$ |
| 28 |
> |
| 29 |
> and what is it? :-) executed on gentoo-sources kernel, not hardened |
| 30 |
> |
| 31 |
> Natanael Copa ÐÉÛÅÔ: |
| 32 |
>> On Tue, 2008-02-12 at 10:02 +0500, áÌÅËÓÅÊ ìÅÓÏ×ÓËÉÊ wrote: |
| 33 |
>> |
| 34 |
>>> Anyone, can send me compiled exploit? i tests my hardened hosts |
| 35 |
>>> my gcc cannot compile sources |
| 36 |
>>> |
| 37 |
>> |
| 38 |
>> Attatched is a slightly modified version of the exploit that should |
| 39 |
>> compile for you. (uses sysconf(_SC_PAGE_SIZE) rather than PAGE_SIZE from |
| 40 |
>> asm/page.h) |
| 41 |
>> |
| 42 |
>> -nc |
| 43 |
>> |
| 44 |
> |
| 45 |
|
| 46 |
-- |
| 47 |
gentoo-hardened@l.g.o mailing list |
Archives