Robert Vangel wrote:
It says it did exploit but it didn't... A.Try doing something that would require root (eg.. mount something, create a file in /, etc)
Yep I tried that but I don't have root permissions
arnaud@server:~$ ./a.out
[+] SLAB cleanup
child 1 VMAs 9019
[+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xc5000000 - 0xc9d17000
Wait... \
[+] race won maps=14088
expanded VMA (0xbfffc000-0xffffe000)
[!] try to exploit 0xc594b000
[+] gate modified ( 0xffec9094 0x0804ec00 )
[+] exploited, uid=0
sh-2.05a$ whoami ; echo $UID
arnaud
0
sh-2.05a$ rm -rf /root/*
rm: cannot remove `/root/*': Permission denied
sh-2.05a$
I didn't get the original code working either with a tmpfs mounted... :(
Same result...
2.4.18-1-586tsc
A.