
Re: vulnerability in 8.6



Hi,

On Mon, Nov 07, 2016 at 06:54:55PM +0300, Ozgur wrote:
> Hi all,
> 
> I have been reading security articles and I saw a test of a Debian Linux
> kernel vulnerability. I tested it and got a successful exploit.
> 
> List a vuln:
> 
> https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
> 
> My testing:
> 
> dirtycow.c (status: success)
> cowroot.c (status: success)
> 
> For example, I have installed Debian and the kernel version is as follows:
> 
> Linux 3.16.0-4-amd64 (Debian 8.6)
> 
> I created a "zoo" file with root privileges and locked a file:
> 
> # echo "I'm a root" > foo
> # chmod 0404 foo
> # ls -la foo
> -r-----r-- 1 root root 11 Nov  7 10:13 foo
> 
> Then I returned to my user (not root), downloaded the exploit script and
> ran it:
> 
> $ gcc -pthread dirtyc0w.c -o dirtyc0w
> $ ./dirtyc0w foo blabla
> $ cat foo
> blabla
> 
> What is the suggestion on this exploit?

Have you installed the Kernel update as per the security advisory
DSA-3696-1? Which kernel image do you have installed, which kernel is
running?

 [0] https://www.debian.org/security/2016/dsa-3696

Regards,
Salvatore

