Re: Wheezy is vulnerable to CVE-2013-2094
On 14 May 2013 18:36, John Andreasson <andreassonjohn@gmail.com> wrote:
>
> Hi.
>
> Was just alerted of a kernel bug in RHEL [1], but when testing the sample code on Wheezy as an unprivileged user it successfully gives me a root prompt. Kind of suboptimal. :-(
>
> Any idea when this is fixed?
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=962792
Hi John,
I'm unable to replicate this 'issue' on my up to date Wheezy laptop.
gavin@caelyn:~$ uname -a
Linux caelyn 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux
When I run the compiled binary of this exploit as my unprivileged user
I get the following error:-
gavin@caelyn:~$ ./getroot
2.6.37-3.x x86_64
sd@f***sheep.org 2010
getroot: getroot.c:81: main: Assertion `p = memmem(code, 1024,
&needle, 8)' failed.
Aborted
What kernel are you able to replicate this bug with ?
Reply to: