Linux Kernel 2.x sock_sendpage() Local Ring0 Root Exploit

ID 1337DAY-ID-8060
Type zdt
Reporter spender
Modified 2009-08-14T00:00:00


Exploit for linux platform in category local exploits

Linux Kernel 2.x sock_sendpage() Local Ring0 Root Exploit

/* dedicated to my best friend in the whole world, Robin Price
   the joke is in your hands

   just too easy -- some nice library functions for reuse here though

   credits to julien tinnes/tavis ormandy for the bug

   may want to remove the __attribute__((regparm(3))) for 2.4 kernels,
   I have no time to test

[email protected]:~$ cat redhat_hehe
I bet Red Hat will wish they closed the SELinux vulnerability when they
were given the opportunity to.  Now all RHEL boxes will get owned by
leeches.c :p


thanks to Dan Walsh for the great SELinux bypass even on "fixed" SELinux 

and nice work Linus on trying to silently fix an 8 year old 
vulnerability, leaving vendors without patched kernels for their users.

  use ./ for everything



# [2018-01-10]  #