
Re: local root exploit



Ok, more data.

[...]

> Sarge, 2.6.7-1-686 and sid, 2.6.9 custom kernel (same behavior):
> 
> $ ./elflbl
> 
>     child 1 VMAs 0
> [+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
> [+] vmalloc area 0xc8000000 - 0xcfc32000
> 
> (at this point it eats all the cpu and ram it can get, until killed)
> 

If not killed, it seems to come to some sort of eventual conclusion. I've run it several times on each box, and on the sarge box (2.6.7-1-686) I get:

$ ./elflbl

    child 1 VMAs 0
[+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000
[+] vmalloc area 0xc8000000 - 0xcfc32000

[-] FAILED: try again (Cannot allocate memory)
Killed

On my sid box I get a segfault after ~5 minutes of thrashing every time.

So it looks like it could work in theory, but I still haven't gotten a root shell out of it, and I've been trying about an hour.

Cheers,
L



