I can't get the Linux kernel RDS exploit to exploit my machine...

To: ML Debian-User <debian-user@lists.debian.org>
Subject: I can't get the Linux kernel RDS exploit to exploit my machine...
From: Ron Johnson <ron.l.johnson@cox.net>
Date: Thu, 21 Oct 2010 16:49:43 -0500
Message-id: <[🔎] 4CC0B577.3090503@cox.net>

I installed my kernel back on 01-Oct, so it should be vulnerable,but it's not, even when I modprobed the rds modules.


http://www.zdnet.com/blog/security/linux-kernel-vulnerability-coughs-up-superuser-rights/7509

$ apt-cache policy linux-image-2.6.32-5-amd64
linux-image-2.6.32-5-amd64:
  Installed: 2.6.32-24
  Candidate: 2.6.32-26
  Version table:
     2.6.32-26 0
        500 http://mirrors.kernel.org/debian/ sid/main amd64 Packages
 *** 2.6.32-24 0
        100 /var/lib/dpkg/status

$ uname -r
2.6.32-5-amd64

$ cat /etc/debian_version
squeeze/sid

$ grep RDS /boot/config-2.6.32-5-amd64
CONFIG_RDS=m
CONFIG_RDS_RDMA=m
CONFIG_RDS_TCP=m
# CONFIG_RDS_DEBUG is not set

# modprobe rds
# modprobe rds_tcp
# modprobe rds_rdma

$ lsmod | grep rds
rds_rdma               56776  0
rdma_cm                20582  1 rds_rdma

ib_core 40967 6rds_rdma,rdma_cm,ib_cm,iw_cm,ib_sa,ib_mad

rds_tcp                 8260  0
rds                    70414  2 rds_rdma,rds_tcp

$ wget http://www.vsecurity.com/download/tools/linux-rds-exploit.c

--2010-10-21 10:18:35--http://www.vsecurity.com/download/tools/linux-rds-exploit.c

Resolving www.vsecurity.com... 209.67.252.12
Connecting to www.vsecurity.com|209.67.252.12|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6435 (6.3K) [text/x-c]
Saving to: “linux-rds-exploit.c”

100%[=================================================================>]6,435 33.4K/s in 0.2s

2010-10-21 10:18:36 (33.4 KB/s) - “linux-rds-exploit.c” saved[6435/6435]


$ ./a.out
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses...
 [+] Resolved rds_ioctl to 0xffffffffa1009000
 [+] Resolved commit_creds to 0xffffffff81069235
 [+] Resolved prepare_kernel_cred to 0xffffffff81069138
[*] Failed to resolve kernel symbols.

$ sudo ~me/a.out
[sudo] password for me:
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses...
 [+] Resolved rds_ioctl to 0xffffffffa1009000
 [+] Resolved commit_creds to 0xffffffff81069235
 [+] Resolved prepare_kernel_cred to 0xffffffff81069138
[*] Failed to resolve kernel symbols.


--
Seek truth from facts.

Reply to:

Follow-Ups:
- Re: I can't get the Linux kernel RDS exploit to exploit my machine...
  - From: Camaleón <noelamac@gmail.com>

Prev by Date: Re: scrollbar on left side
Next by Date: s/2mm/2cm (was Re: scrollbar on left side)
Previous by thread: Re: Remote Assistance Software
Next by thread: Re: I can't get the Linux kernel RDS exploit to exploit my machine...
Index(es):
- Date
- Thread