Re: [Full-Disclosure] Linux kernel uselib() privilege elevation, corrected

From: Athanasius (
Date: 01/11/05

    Date: Tue, 11 Jan 2005 14:20:52 +0000
    To: Marcy Darcy <>

    On Tue, Jan 11, 2005 at 07:56:32AM +0000, Marcy Darcy wrote:
    > I'm running a small server with the 2.6.10 kernel.
    > The exploit doesn't seem to be working on this kernel. Is there a way
    > to make sure the system is vulnerable or not?

      I couldn't get the exploit to work for 2.6.10 either. First there's
    changing a struct in it to user_desc to make it compile, then it just
    SEGVs all the time here.
      This is quite apart from the fact it's trying to exploit a race
    condition and as such can take a lot of attempts in a loop to actually
    work anyway (must have hit it on the 50th or more iteration on my 2.4.28
      Anyone got working exploit code for 2.6.10?


    - Athanasius = Athanasius(at) /
                      Finger athan(at) for PGP key
    	   "And it's me who is my enemy. Me who beats me up.
    Me who makes the monsters. Me who strips my confidence." Paula Cole - ME


    Full-Disclosure - We believe in it.
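Added example, not code from this thread or from the iSEC advisory: a small C probe that answers only the narrow part of Marcy's question that can be checked without an exploit, namely whether the uselib(2) system call is reachable on the running kernel at all. It calls uselib() on a constructed path that cannot exist; a kernel that still wires up the syscall walks the path and fails with ENOENT (or another path-related errno), while a kernel built without uselib support rejects the call with ENOSYS before touching the path. A "present" answer does not mean the race is winnable, only that the entry point exists; the path name and the enum labels are this example's own.

```c
/* Probe whether uselib(2) is reachable on this kernel.
 * Added example; not the exploit and not proof of vulnerability. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

enum uselib_state {
    USELIB_ABSENT  = 0,   /* kernel answered ENOSYS: no uselib handler */
    USELIB_PRESENT = 1,   /* call reached a handler (any other errno) */
    USELIB_UNKNOWN = 2    /* no syscall number on this arch, or odd result */
};

/* Constructed, deliberately nonexistent path: we never want the call to
 * succeed, only to see which error comes back. */
static const char *const probe_path = "/nonexistent-uselib-probe-path";

enum uselib_state probe_uselib(void)
{
#ifdef __NR_uselib
    errno = 0;
    long rc = syscall(__NR_uselib, probe_path);
    if (rc == 0)
        return USELIB_UNKNOWN;      /* success on a bogus path makes no sense */
    if (errno == ENOSYS)
        return USELIB_ABSENT;       /* syscall not compiled in */
    /* ENOENT is the normal answer from a kernel that still has uselib();
     * EPERM here would typically mean a seccomp filter answered instead,
     * which this coarse probe cannot distinguish from a real handler. */
    return USELIB_PRESENT;
#else
    return USELIB_UNKNOWN;          /* libc defines no uselib number here */
#endif
}

const char *uselib_state_name(enum uselib_state s)
{
    switch (s) {
    case USELIB_ABSENT:  return "absent (ENOSYS)";
    case USELIB_PRESENT: return "present";
    default:             return "unknown";
    }
}

int main(void)
{
    enum uselib_state s = probe_uselib();
    printf("uselib(2) on this kernel: %s\n", uselib_state_name(s));
    return 0;
}
```

Compile with `gcc -Wall -o uselib_probe uselib_probe.c` and run as an unprivileged user; no root is needed because the call fails on path lookup before any binary is mapped. The check is deliberately one-sided: "absent" rules the whole syscall out, while "present" still leaves the question of the race itself, which is what the exploit's retry loop is about.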
