Re: local root exploit

To: debian-security@lists.debian.org
Subject: Re: local root exploit
From: Carlos Tirado <carlos.tirado@gmail.com>
Date: Mon, 10 Jan 2005 12:36:27 -0300
Message-id: <[🔎] 4671bed205011007365cf51cf3@mail.gmail.com>
Reply-to: Carlos Tirado <carlos.tirado@gmail.com>
In-reply-to: <[🔎] 41E29D6D.1030806@kernelpanic.ru>
References: <[🔎] 200501101519.33354.vladislav.kurz@webstep.net> <[🔎] 20050110152900.105c6a49.jacques@pollux.frmug.org> <[🔎] 200501101537.52174.vladislav.kurz@webstep.net> <[🔎] 4671bed20501100716143596a5@mail.gmail.com> <[🔎] 41E29D6D.1030806@kernelpanic.ru>

[+] SLAB cleanup
    child 1 VMAs 65406
[+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xd4000000 - 0xe7ff1000
    Wait... -
[+] race won maps=51294
    expanded VMA (0xbfffc000-0xffffe000)
[!] try to exploit 0xd4915000
[+] gate modified ( 0xffec90f4 0x0804ec00 )
[+] exploited, uid=0

sh-2.05a# whoami
root



On Mon, 10 Jan 2005 18:21:17 +0300, Boris B. Zhmurov <bb@kernelpanic.ru> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello, Carlos Tirado.
> 
> On 10.01.2005 18:16 you said the following:
> 
> | carlos@tuxsystem:~/security$ ./elflbl
> |
> | [+] SLAB cleanup
> |     child 1 VMAs 605
> | [+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
> | [+] vmalloc area 0xd4000000 - 0xe7ff1000
> |     Wait... \
> | [-] FAILED: try again (-f switch) and again (Cannot allocate memory)
> ~                    ^^^^^^^^^^
> 
> Keyword is "again".
> 
> - --
> Boris B. Zhmurov
> mailto: bb@kernelpanic.ru
> "wget http://kernelpanic.ru/bb_public_key.pgp -O - | gpg --import"
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
> 
> iD8DBQFB4p1tmEQixi5w37YRAmcRAJ9+H4Hrkso5/EIZCroHwck19GdsYgCfUeAP
> aIMSt1HytYd7xD915Lf7cY8=
> =viUY
> -----END PGP SIGNATURE-----
> 
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 


-- 
Carlos Tirado E.
http://www.layapa.cl

Reply to:

Follow-Ups:
- Re: local root exploit
  - From: "Boris B. Zhmurov" <bb@kernelpanic.ru>

References:
- Re: local root exploit
  - From: Vladislav Kurz <vladislav.kurz@webstep.net>
- Re: local root exploit
  - From: Jacques Lav!gnotte <jacques@pollux.frmug.org>
- Re: local root exploit
  - From: Vladislav Kurz <vladislav.kurz@webstep.net>
- Re: local root exploit
  - From: Carlos Tirado <carlos.tirado@gmail.com>
- Re: local root exploit
  - From: "Boris B. Zhmurov" <bb@kernelpanic.ru>

Prev by Date: Re: local root exploit
Next by Date: Re: local root exploit
Previous by thread: Re: local root exploit
Next by thread: Re: local root exploit
Index(es):
- Date
- Thread