Curiosity is insubordination in its purest form. -Vladimir Nabokov

Tuesday, January 24, 2012

Linux Local Privilege Escalation via SUID /proc/pid/mem Write

http://blog.zx2c4.com/749

Introducing Mempodipper, an exploit for CVE-2012-0056. /proc/pid/mem is an interface for reading and writing, directly, process memory by seeking around with the same addresses as the process’s virtual memory space. In 2.6.39, the protections against unauthorized access to /proc/pid/mem were deemed sufficient, and so the prior #ifdef that prevented write support for writing to arbitrary process memory was removed. Anyone with the correct permissions could write to process memory. It turns out, of course, that the permissions checking was done poorly. This means that all Linux kernels >=2.6.39 are vulnerable, up until the fix commit for it a couple days ago. Let’s take the old kernel code step by step and learn what’s the matter with it.

Looks promising; see the comments.

Enjoy!
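To make the property the quoted paragraph describes concrete, here is a small added example (written for this page, not code from zx2c4's post or from Mempodipper): it opens the calling process's own /proc/self/mem and reads, then writes, one of its own variables, using the variable's virtual address directly as the file offset. It assumes a Linux system with /proc mounted and a 64-bit off_t; the variable names and constants are constructed for the demonstration. The point for a defender is that the offset really is the target's virtual address, so the only thing separating a process from another process's memory is the permission check in the kernel's mem_open/mem_rw path, which is exactly the check CVE-2012-0056 got wrong.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed test data: a value we will read back through /proc/self/mem. */
static volatile uint32_t probe_value = 0xCAFEF00Du;

/* Read `len` bytes of this process's own memory at virtual address `addr`
 * via /proc/self/mem. The file offset IS the virtual address.
 * Returns bytes read, -1 if the interface cannot be opened, -2 on read error. */
long read_own_memory(uintptr_t addr, void *out, size_t len)
{
    int fd = open("/proc/self/mem", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, out, len, (off_t)addr);
    close(fd);
    return n < 0 ? -2 : (long)n;
}

/* Returns 1 if the value read through /proc/self/mem matches probe_value,
 * 0 on mismatch, -1 if /proc/self/mem is not usable on this system
 * (e.g. /proc masked or mounted read-only in a container). */
int probe_matches(void)
{
    uint32_t seen = 0;
    long n = read_own_memory((uintptr_t)&probe_value, &seen, sizeof seen);
    if (n < 0)
        return -1;
    return (n == (long)sizeof seen && seen == probe_value) ? 1 : 0;
}

/* Exercise the write path that 2.6.39 enabled, but only against our own
 * process: writing to one's own memory is legitimate; the bug was in the
 * check gating writes to *other* processes' memory.
 * Returns 1 if the write landed, 0 if the kernel accepted it but the
 * variable did not change, -1 if the interface is unavailable for writing. */
int write_own_memory_works(void)
{
    static volatile uint32_t target = 0x11111111u;   /* constructed */
    const uint32_t new_value = 0x22222222u;          /* constructed */
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0)
        return -1;
    ssize_t n = pwrite(fd, &new_value, sizeof new_value,
                       (off_t)(uintptr_t)&target);
    close(fd);
    if (n < 0)
        return -1;
    if (n != (ssize_t)sizeof new_value)
        return 0;
    return target == new_value ? 1 : 0;
}

int main(void)
{
    printf("read via /proc/self/mem  : %d\n", probe_matches());
    printf("write via /proc/self/mem : %d\n", write_own_memory_works());
    return 0;
}
```

Both functions touch only the calling process, so they can be run as an unprivileged user. A result of -1 from either means the kernel or container configuration does not expose /proc/self/mem for that operation, which is itself useful to know when assessing a host.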

1 comment:

vlan7 said...

Hello,
Sor_Zitroën from Wadalbertia and some other projects sent me an e-mail confirming it, since he is having some trouble commenting on the blog: "Verified on an Ubuntu 11.10 with kernel version 3.0.0-14-generic. Privilege escalation to UID 0 without any trouble. Regards!"
And he adds:
"if you update to Ubuntu kernel version 3.0.0-15, it no longer works."
Thanks, master!