
Linux privilege escalation in kernels >= 2.6.39

After Linus patched the kernel on January 17, a detailed description of the vulnerability was published: a privilege escalation via /proc/pid/mem in suid programs. This is a pretty smart hack, and it applies to all kernel versions >= 2.6.39. You can check it on your own machine or on some unpatched remote server.

The author of the write-up did not initially publish finished code, but since exploits based on his blog post did appear in the public domain, he also released his own exploit, Mempodipper. There is also shellcode for the 32-bit and 64-bit versions, and a video demonstrating the hack.

The vulnerability became possible because in the 2.6.39 kernel it was decided to remove the "redundant" #ifdef protection.


Source: https://habr.com/ru/post/136826/

