Thursday, September 17, 2009

Linux Kernel 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver)

5:01 AM  matthews  

/* second verse, same as the first
CVE-2009-2698 udp_sendmsg(), x86/x64
Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at
NULL and finding it executed
This exploit is a bit more nuanced and thoughtful ;)
use ./therebel.sh for everything

At this moment, when each of us must fit an arrow to his bow and
enter the lists anew, to reconquer, within history and in spite of it,
that which he owns already, the thin yield of his fields, the brief
love of the earth, at this moment when at last a man is born, it is
time to forsake our age and its adolescent furies. The bow bends;
the wood complains. At the moment of supreme tension, there will
leap into flight an unswerving arrow, a shaft that is inflexible and
free. -Camus
*/

main: http://grsecurity.net/~spender/therebel.tgz
back: http://milw0rm.com/sploits/2009-therebel.tgz

Posted in:
Twitter Delicious Facebook Digg Stumbleupon Favorites More