[Help] Current Kernel Exploit - Explanation?!?!?! - Slackware


  1. [Help] Current Kernel Exploit - Explanation?!?!?!

    Hello All;

    I'm running a custom made kernel 2.6.24.

    dmitton:$ uname -a
    Linux 2.6.24 #1 SMP PREEMPT Fri Jan 25 13:15:55 EST 2008 i686 GNU/Linux

    When I run the exploit (proof of concept code) I get this:

    dmitton:~/exploit080212$ ./exploit
    -----------------------------------
    Linux vmsplice Local Root Exploit
    By qaaz
    -----------------------------------
    [+] mmap: 0x0 .. 0x1000
    [+] page: 0x0
    [+] page: 0x20
    [+] mmap: 0x4000 .. 0x5000
    [+] page: 0x4000
    [+] page: 0x4020
    [+] mmap: 0x1000 .. 0x2000
    [+] page: 0x1000
    [+] mmap: 0xb7f02000 .. 0xb7f34000
    [-] vmsplice: No such file or directory
    dmitton:~/exploit080212$

    It apparently should look (something) like this if I have the exploit:

    $ whoami
    heikki
    $ ./exploit
    -----------------------------------
    Linux vmsplice Local Root Exploit
    By qaaz
    -----------------------------------
    [+] mmap: 0x0 .. 0x1000
    [+] page: 0x0
    [+] page: 0x20
    [+] mmap: 0x4000 .. 0x5000
    [+] page: 0x4000
    [+] page: 0x4020
    [+] mmap: 0x1000 .. 0x2000
    [+] page: 0x1000
    [+] mmap: 0xb7d90000 .. 0xb7dc2000
    [+] root
    $ whoami
    root

    Can anyone explain this? I am looking for information but everyone is so busy fighting the fire I haven't seen anyone post who has not got the exploit.

    Thanks in advance.




  2. Re: [Help] Current Kernel Exploit - Explanation?!?!?!

    On Tue, 12 Feb 2008 23:38:13 +0000 (UTC), Doug Mitton wrote:

    >I'm running a custom made kernel 2.6.24.


    Update to 2.6.24.2 for the fix.

    ....
    >[-] vmsplice: No such file or directory
    >dmitton:~/exploit080212$


    Yeah, the exploit failed here too, I updated the kernel to be on
    the safe side.

    Grant.
    --
    http://bugsplatter.mine.nu/

  3. Re: [Help] Current Kernel Exploit - Explanation?!?!?!

    Grant wrote:

    >On Tue, 12 Feb 2008 23:38:13 +0000 (UTC), Doug Mitton wrote:
    >
    >>I'm running a custom made kernel 2.6.24.
    >
    >Update to 2.6.24.2 for the fix.
    >
    >...
    >>[-] vmsplice: No such file or directory
    >>dmitton:~/exploit080212$
    >
    >Yeah, the exploit failed here too, I updated the kernel to be on
    >the safe side.
    >
    >Grant.


    Thanks! I installed kernel 2.6.24.2 and have the same response to the
    `exploit` command. I'll have to keep looking for an explanation of
    the issue from a "technical" perspective. Maybe I'm not even using
    the feature.

    PS. This group has been "Banned" by my usual NNTP server due to SPAM
    complaints. I'm trying an alternative server to do this post.
    --
    ------------------------------------------------
    http://www3.sympatico.ca/dmitton
    SPAM Reduction: Remove "x." from my domain.
    ------------------------------------------------

  4. Re: Current Kernel Exploit - Explanation?!?!?!

    On Feb 14, 2:23 pm, Doug Mitton wrote:
    > Grant wrote:
    > >On Tue, 12 Feb 2008 23:38:13 +0000 (UTC), Doug Mitton wrote:
    > >
    > >>I'm running a custom made kernel 2.6.24.
    > >
    > >Update to 2.6.24.2 for the fix.
    > >
    > >...
    > >>[-] vmsplice: No such file or directory
    > >>dmitton:~/exploit080212$
    > >
    > >Yeah, the exploit failed here too, I updated the kernel to be on
    > >the safe side.
    > >
    > >Grant.
    >
    > Thanks! I installed kernel 2.6.24.2 and have the same response to the
    > `exploit` command. I'll have to keep looking for an explanation of
    > the issue from a "technical" perspective. Maybe I'm not even using
    > the feature.


    As I understand it, the vmsplice() syscall is only available if you've
    enabled virtualization support in the kernel. If you haven't compiled
    your kernel with KVM enabled, you are safe from this exploit.



  5. Re: Current Kernel Exploit - Explanation?!?!?!

    lpitcher@teksavvy.com wrote:
    > On Feb 14, 2:23 pm, Doug Mitton wrote:
    >> Grant wrote:
    >> >On Tue, 12 Feb 2008 23:38:13 +0000 (UTC), Doug Mitton wrote:
    >> >
    >> >>I'm running a custom made kernel 2.6.24.
    >> >
    >> >Update to 2.6.24.2 for the fix.
    >> >
    >> >...
    >> >>[-] vmsplice: No such file or directory
    >> >>dmitton:~/exploit080212$
    >> >
    >> >Yeah, the exploit failed here too, I updated the kernel to be on
    >> >the safe side.
    >> >
    >> >Grant.
    >>
    >> Thanks! I installed kernel 2.6.24.2 and have the same response to the
    >> `exploit` command. I'll have to keep looking for an explanation of
    >> the issue from a "technical" perspective. Maybe I'm not even using
    >> the feature.
    >
    > As I understand it, the vmsplice() syscall is only available if you've
    > enabled virtualization support in the kernel. If you haven't compiled
    > your kernel with KVM enabled, you are safe from this exploit.


    I'm not aware that this is true. The exploit worked for me on all
    pre-patched systems I tried it on, all custom-built kernels with no
    virtualization. The vmsplice() code (in the kernel source fs/splice.c)
    seems to me to be unconditionally included.

    When I ran the exploit on a patched system, it failed with: Bad address.
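Two checks drawn from this thread, written here as an added example (not code from any poster or from the exploit): a comparison of `uname -r` against the 2.6.24.2 release Grant named, and a zero-segment vmsplice() call that only tells you whether the syscall exists at all, which is the question behind "maybe I'm not even using the feature". It assumes Linux with glibc; the version threshold is the one the thread gives, not a full list of fixed releases.

```c
#define _GNU_SOURCE             /* exposes vmsplice() in <fcntl.h> */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/uio.h>
#include <sys/utsname.h>

/* "2.6.24.2-custom" -> {2,6,24,2}; missing fields are 0. Returns field count. */
static int parse_release(const char *rel, int out[4]) {
    int n;
    for (n = 0; n < 4; n++) out[n] = 0;
    for (n = 0; n < 4; n++) {
        if (*rel < '0' || *rel > '9') break;
        while (*rel >= '0' && *rel <= '9')
            out[n] = out[n] * 10 + (*rel++ - '0');
        if (*rel != '.') { n++; break; }
        rel++;
    }
    return n;
}

/* 1 if release >= 2.6.24.2, the fix named in the thread. Other stable series
   carried their own backports, so a lower number means "check the changelog". */
static int has_vmsplice_fix(const char *release) {
    int v[4], fixed[4] = {2, 6, 24, 2};
    parse_release(release, v);
    for (int i = 0; i < 4; i++)
        if (v[i] != fixed[i]) return v[i] > fixed[i];
    return 1;
}

/* Is vmsplice() present at all? A zero-segment call returns 0 before any iovec
   or page is touched, so the probe is harmless. 1 = present, 0 = ENOSYS,
   -1 = other failure (e.g. a sandbox that denies the call). */
static int vmsplice_present(void) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    long r = vmsplice(fds[1], NULL, 0, 0);
    int saved = errno;
    close(fds[0]); close(fds[1]);
    return r == 0 ? 1 : (saved == ENOSYS ? 0 : -1);
}

int main(void) {
    struct utsname u;
    if (uname(&u) != 0) { perror("uname"); return 1; }
    printf("%s: %s 2.6.24.2; vmsplice() %s\n", u.release,
           has_vmsplice_fix(u.release) ? "at or above" : "older than",
           vmsplice_present() == 1 ? "present" : "absent or blocked");
    return 0;
}
```

Note that a kernel without the syscall reports ENOSYS ("Function not implemented"), whereas the "No such file or directory" in the first post is ENOENT, so that failure by itself does not show vmsplice() is missing.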
