Archive for the ‘Server Security’ Category

Linux Kernel v 2.6 local root exploit

Saturday, February 16th, 2008

Linux kernel versions 2.6.17 through 2.6.24.1 are all affected by the vmsplice bug.

Testing: You can download the exploit code from the links below and compile it as a local user to get root access on the vulnerable kernels listed above.

http://www.milw0rm.com/exploits/5092

http://www.milw0rm.com/exploits/5093
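To check whether a host falls in the affected range stated above, the following added example (not part of the original post) compares a kernel release string against 2.6.17 through 2.6.24.1, treating both ends as inclusive. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: version-range check for the vmsplice bug described in this post.
# The range comes from the post; function names are hypothetical.

# kver_key VERSION: print a zero-padded sortable key (e.g. 002006024001) for a
# kernel release string, ignoring any suffix such as "-14-generic".
kver_key() {
    printf '%s\n' "$1" | awk '
        { sub(/[^0-9.].*$/, ""); n = split($0, f, ".") }
        n < 2 || f[1] == "" { exit 1 }      # not a dotted version number
        { printf "%03d%03d%03d%03d\n", f[1], f[2], f[3], f[4] }'
}

# vmsplice_version_in_range VERSION: return 0 if VERSION lies in the range the
# post lists as affected, 1 if it lies outside, 2 if it cannot be parsed.
vmsplice_version_in_range() {
    key=$(kver_key "$1") || return 2
    lo=$(kver_key 2.6.17)
    hi=$(kver_key 2.6.24.1)
    [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]
}

# report VERSION: print a one-line verdict. A match means "confirm the fix is
# applied", not proof of exposure: a rebuilt or vendor kernel can carry the
# fs/splice.c patch while still reporting a version inside the range.
report() {
    rc=0
    vmsplice_version_in_range "$1" || rc=$?
    case $rc in
        0) echo "$1: in affected range, confirm the fs/splice.c fix is applied" ;;
        1) echo "$1: outside the affected range 2.6.17 to 2.6.24.1" ;;
        *) echo "$1: could not parse kernel version" ;;
    esac
}

report "$(uname -r)"
```

Run it on each host, or pass collected `uname -r` strings to `report` from an inventory.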

Change to your kernel source directory:
# cd linux-2.6.xx.yy
Download the patch, save it as fix.vmsplice.exploit.patch, and display it:
# cat fix.vmsplice.exploit.patch
Output:

--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
                if (unlikely(!len))
                        break;
                error = -EFAULT;
-               if (unlikely(!base))
+               if (!access_ok(VERIFY_READ, base, len))
                        break;

                /*
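
Review bot: The new check on the `+` line drops the `unlikely()` hint that the removed `if (unlikely(!base))` carried and that the `unlikely(!len)` test just above still uses; writing it as `if (unlikely(!access_ok(VERIFY_READ, base, len)))` keeps the failure path marked cold and consistent with its neighbour. The old test only rejected a NULL `base`, while the function takes a `const struct iovec __user *iov`, so a one-line comment stating that the whole range described by `base` and `len` must be a readable user range would make clear why this is more than a NULL test. `error` is already set to `-EFAULT` before the `break`, which suits an `access_ok()` failure, so no change is needed there.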

Patch the current kernel tree:

# patch < fix.vmsplice.exploit.patch -p1
Now recompile the kernel.