Yup, that's true: sock_sendpage() was discovered to be vulnerable by Tavis Ormandy and Julien Tinnes. The function is vulnerable to a NULL pointer dereference that can be exploited to escalate privileges to root. Most Linux kernels are reported to be vulnerable. Exploits that take advantage of this flaw have been developed and spread freely on the Internet. The exploit can be used to bypass security restrictions like SELinux.
http://milw0rm.com/exploits/9435 – the first written exploit by spender of grsecurity
http://milw0rm.com/exploits/9436 – another exploit taken from www.frasunek.com
http://milw0rm.com/exploits/9479 – another exploit from p0c73n1
http://milw0rm.com/exploits/9545 – another exploit written by Ramon de Carvalho Valle of risesecurity
Download the exploit, compile and execute! BOOMMM! It's root! Finally, this post is a little bit late.
IPSECS Admin is