Hi all,
I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:
Happy hacking,
Dan
--snip--
/*
* Linux Kernel <= 2.6.37 local privilege escalation
* by Da
Well, I'm a first time writer to Bugtraq, but this is interesting. I
commented out the call to clone(), and after it simply called
trigger(fildes), and apparently, it works. Only tested on a stock
install of Ubuntu 10.10, but I thought the bug was in clone()?
On 12/7/2010 2:25 PM, Dan Rosenberg wr
On Fri Dec 10, 2010 at 17:52:37, Wolf wrote:
> Well, I'm a first time writer to Bugtraq, but this is interesting. I
> commented out the call to clone(), and after it simply called
> trigger(fildes), and apparently, it works. Only tested on a stock
> install of Ubuntu 10.10, but I thought the bug wa
On Wed, Dec 08, 2010 at 12:44:09AM +0300, Kai wrote:
>
> > Anyone tested this in sandbox yet?
>
> 00:37 linups:../expl/kernel > cat /etc/*release*
> openSUSE 11.3 (i586)
> VERSION = 11.3
> 00:37 linups:../expl/kernel > uname -r
> 2.6.34.4-0.1-desktop
> 00:37 linups:../expl/kernel > gcc _2.6.37.l
Anyone tested this in sandbox yet?
On 07/12/2010 20:25, Dan Rosenberg wrote:
Hi all,
I've included here a proof-of-concept local privilege escalation exploit
for Linux. Please read the header for an explanation of what's going
on. Without further ado, I present full-nelson.c:
Happy hacking,
g"
Cc: full-disclos...@lists.grok.org.uk, bugtraq@securityfocus.com
Sent: Tuesday, December 7, 2010 4:06:44 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Linux kernel exploit
Anyone tested this in sandbox yet?
On 07/12/2010 20:25, Dan Rosenberg wrote:
> Hi all,
>
> I've included
> Anyone tested this in sandbox yet?
00:37 linups:../expl/kernel > cat /etc/*release*
openSUSE 11.3 (i586)
VERSION = 11.3
00:37 linups:../expl/kernel > uname -r
2.6.34.4-0.1-desktop
00:37 linups:../expl/kernel > gcc _2.6.37.local.c -o test
00:37 linups:../expl/kernel > ./test
[*] Failed to open
> I've included here a proof-of-concept local privilege escalation exploit
> for Linux. Please read the header for an explanation of what's going
> on. Without further ado, I present full-nelson.c:
Hello Dan, is this exploitation not mitigated by best practice
defense-in-depth strategies such
Debian lenny:
nik...@sandbox:~$ uname -a
Linux sandbox 2.6.26-2-amd64 #1 SMP Thu Sep 16 15:56:38 UTC 2010
x86_64 GNU/Linux
nik...@sandbox:~$ make full-nelson
cc full-nelson.c -o full-nelson
nik...@sandbox:~$ ./full-nelson
[*] Resolving kernel addresses...
[+] Resolved econet_i
$ ./nelson
[*] Failed to open file descriptors.
$ uname -r
2.6.35.6-48.fc14.x86_64
$ cat /etc/redhat-release
Fedora release 14 (Laughlin)
But I updated a couple of days ago.
--
Best regards,
Vadim
On Wed Dec 08, 2010 at 11:58:58, John Jacobs wrote:
>
> > I've included here a proof-of-concept local privilege escalation exploit
> > for Linux. Please read the header for an explanation of what's going
> > on. Without further ado, I present full-nelson.c:
>
> Hello Dan, is this exploitation n
sage-
From: "Cal Leeming [Simplicity Media Ltd]"
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Mon, 13 Dec 2010 20:40:45
To: Ariel Biener
Cc: ; ;
;
Subject: Re: [Full-disclosure] Linux kernel exploit
___
Cc: "leandro lista" , fireb...@backtrack.com.br,
bugtraq@securityfocus.com, full-disclos...@lists.grok.org.uk
Sent: Monday, December 13, 2010 4:08:05 PM GMT -05:00 US/Canada Eastern
Subject: Re: [Full-disclosure] Linux kernel exploit
Please don't inundate me with e-mail because none of you bothered to
But he said that RedHat (and thus CentOS) doesn't have Econet enabled by
default.
--Ariel
fireb...@backtrack.com.br wrote:
> I tested it on a VM with CentOS 5.5 i386 updated and did not work.
>
> Last login: Tue Dec 13 12:48:54 2010
> [r...@localhost~]#nano full-nelson.c
> [r...@localhost~]#gcc-o
I tested it on a VM with CentOS 5.5 i386 updated and did not work.
Last login: Tue Dec 13 12:48:54 2010
[r...@localhost~]#nano full-nelson.c
[r...@localhost~]#gcc-o full-nelson.c full-nelson
[r...@localhost~]#./full-nelson
[*] Failed to open file descriptors.
[r...@localhost~]# uname-a
Linux local
15 matches
Mail list logo
