Linux kernel < 2.6.22 open/ftruncate local exploit October 28, 2008
Posted by y2h4ck in General Hacking, General Security. Tags: exploit, Hacking, kernel exploit, linux, linux kernel exploit, Pentesting
(Description provided by CVE): fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
Exploit here: http://www.milw0rm.com/exploits/6851
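The CVE text describes a primitive rather than a finished exploit: a regular file that is setgid and group-executable keeps that bit across truncate()/ftruncate(), and across writes that go through a MAP_SHARED mapping instead of write(2), on the affected kernels. The following C program is an added check written for this page; it is not taken from the milw0rm exploit and it gains no privileges, because the temporary file it creates belongs to the caller's own group. It runs exactly that sequence (fchmod to 02770, ftruncate, write through mmap) and reports whether the kernel strips the setgid bit at each step. Assumptions: /tmp is writable and is not itself a setgid directory, the path prefix and the 4096-byte probe size are arbitrary choices, and the probe runs as an unprivileged user, since a process holding CAP_FSETID (root) is exempt from setuid/setgid stripping by design and will always see the bit kept.

```c
/* sgid_probe.c: check whether ftruncate() and a write through a MAP_SHARED
 * mapping clear the setgid bit on a group-executable file (CVE-2008-4210).
 * Added example for this page, not code from milw0rm 6851. The file is
 * created under the caller's own group, so this only exercises the
 * bit-stripping logic and cannot be used to gain another group's privileges. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

#define PROBE_SIZE 4096L   /* size the empty file is grown to with ftruncate() */

struct sgid_probe {
    int    err;                    /* errno of the first failing call, 0 on success */
    mode_t mode_created;           /* permission bits right after fchmod(02770) */
    mode_t mode_after_ftruncate;   /* permission bits after ftruncate() */
    mode_t mode_after_mmap_write;  /* permission bits after writing via the mapping */
    off_t  size_after_ftruncate;   /* should equal PROBE_SIZE */
};

static int stat_mode(int fd, mode_t *mode, off_t *size)
{
    struct stat st;
    if (fstat(fd, &st) < 0) return -1;
    *mode = st.st_mode & 07777;
    if (size) *size = st.st_size;
    return 0;
}

/* Runs the probe; returns 0 on success, -1 with p->err set otherwise. */
int run_sgid_probe(struct sgid_probe *p)
{
    char path[] = "/tmp/sgid_probe_XXXXXX";   /* assumed: writable, not a setgid dir */
    int fd, saved;
    memset(p, 0, sizeof *p);

    fd = mkstemp(path);
    if (fd < 0) { p->err = errno; return -1; }
    unlink(path);                 /* the inode stays alive through fd */

    /* Step 1: make the empty file group-executable and setgid. S_IXGRP is
     * required: setgid without group-exec means mandatory locking and is
     * never stripped. The bit sticks because the file's group is our own. */
    if (fchmod(fd, S_ISGID | S_IRWXU | S_IRWXG) < 0 ||
        stat_mode(fd, &p->mode_created, NULL) < 0)
        goto fail;

    /* Step 2: grow the file with ftruncate(). Fixed kernels treat this as a
     * write and drop the setgid bit here; the affected ones leave it set. */
    if (ftruncate(fd, PROBE_SIZE) < 0 ||
        stat_mode(fd, &p->mode_after_ftruncate, &p->size_after_ftruncate) < 0)
        goto fail;

    /* Step 3: write through a shared mapping, which bypasses write(2). */
    {
        unsigned char *map = mmap(NULL, PROBE_SIZE, PROT_READ | PROT_WRITE,
                                  MAP_SHARED, fd, 0);
        if (map == MAP_FAILED) goto fail;
        memset(map, 0x90, PROBE_SIZE);      /* constructed filler payload */
        if (msync(map, PROBE_SIZE, MS_SYNC) < 0) {
            saved = errno; munmap(map, PROBE_SIZE); errno = saved; goto fail;
        }
        munmap(map, PROBE_SIZE);
    }
    if (stat_mode(fd, &p->mode_after_mmap_write, NULL) < 0)
        goto fail;

    close(fd);
    return 0;
fail:
    saved = errno;
    close(fd);
    p->err = saved;
    return -1;
}

/* 1 if setgid is still set after ftruncate(), i.e. the kernel did not strip
 * it (affected kernel, or a caller holding CAP_FSETID); 0 otherwise. */
int sgid_survived_ftruncate(const struct sgid_probe *p)
{
    return (p->mode_after_ftruncate & S_ISGID) != 0;
}

int sgid_survived_mmap_write(const struct sgid_probe *p)
{
    return (p->mode_after_mmap_write & S_ISGID) != 0;
}

/* One-call verdict: 1 kept, 0 stripped, -1 probe failed. */
int ftruncate_keeps_sgid(void)
{
    struct sgid_probe p;
    if (run_sgid_probe(&p) < 0) return -1;
    return sgid_survived_ftruncate(&p);
}

int main(void)
{
    struct sgid_probe p;
    if (run_sgid_probe(&p) < 0) {
        fprintf(stderr, "probe failed: %s\n", strerror(p.err));
        return 1;
    }
    printf("mode after chmod:      %04o\n", (unsigned)p.mode_created);
    printf("mode after ftruncate:  %04o (setgid %s)\n", (unsigned)p.mode_after_ftruncate,
           sgid_survived_ftruncate(&p) ? "KEPT" : "stripped");
    printf("mode after mmap write: %04o (setgid %s)\n", (unsigned)p.mode_after_mmap_write,
           sgid_survived_mmap_write(&p) ? "KEPT" : "stripped");
    if (geteuid() == 0)
        puts("note: CAP_FSETID holders are exempt from stripping; rerun as a normal user");
    return 0;
}
```

Compile with cc -o sgid_probe sgid_probe.c and run it as a normal user. "KEPT" after the ftruncate step on a kernel that already carries the 2.6.22 change points at something other than this bug, usually the CAP_FSETID exemption or a filesystem that does not implement the stripping. The real attack additionally needs a directory with the setgid bit whose group the attacker is not a member of but which the attacker can write to, so that a newly created file inherits that foreign group; listing such directories (for example with GNU find: find / -type d -perm -2000 -writable 2>/dev/null) is the complementary hardening check on a kernel you cannot patch.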
References:
- CVE ID: CVE-2008-4210 (see also: NVD)
- Bugtraq ID: 31368
- Secunia Advisory IDs: 32237, 32344, 32356
- Vendor-specific news/changelog entries:
  http://bugzilla.kernel.org/show_bug.cgi?id=8420
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=7b ……
  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
  https://bugzilla.redhat.com/show_bug.cgi?id=463661
- Other advisory URLs:
  http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.8
  http://www.openwall.com/lists/oss-security/2008/09/24/5
  http://www.openwall.com/lists/oss-security/2008/09/24/8
  http://www.us.debian.org/security/2008/dsa-1653
- Mailing list post: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00007.html