h00lyshit

azz… me ne sto’ in ferie una settimana ed esce uno degli 0day peggiori degli ultimi tempi :-/

fabio@gnu:~$ ./h00lyshit /opt/movie/stallman/stallman_20050224.avi

preparing
trying to exploit /opt/movie/stallman/stallman_20050224.avi

sh-3.1# id
uid=0(root) gid=1000(fabio)
groups=4(adm),24(cdrom),29(audio),44(video),112(scard),1000(fabio),9904(grtpe)
sh-3.1# exit

FIX: (fino alla ricompilazione del kernel)

fabio@gnu:~$ sudo mount -o remount,nosuid /proc/
Password:
fabio@gnu:~$ ./h00lyshit /opt/movie/stallman/stallman_20050224.avi

preparing
trying to exploit /opt/movie/stallman/stallman_20050224.avi

sh-3.1$ id
uid=1000(fabio) gid=1000(fabio)
groups=4(adm),24(cdrom),29(audio),44(video),112(scard),1000(fabio),9904(grtpe)

2 thoughts on “h00lyshit

  1. Strano: a me (con kernel Debian 2.6.17-1-k7) fallisce miseramente con:
    emanuele@gnube:~$ ./h00lyshit /d2/video/SafeKiss.avi

    preparing
    trying to exploit /d2/video/SafeKiss.avi

    mmap: Cannot allocate memory
    … eppure i kernel vunerabili dovrebbero essere fino al 2.6.17.4! Mah!

Leave a Reply

Your email address will not be published. Required fields are marked *