From: codeQ (newsclientteamq.info)
Date: Thu May 12 2005 - 12:52:53 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I wasn't able to make it work either, getting exactly the same output
(without GCC's warnings). I'm on a Debian 2.6.11-7 kernel. I just tested
but really didn't even look what it failed, not even gdb'ed the core.

If someone notices what's wrong on the POC please, let me know.

Thanks,
Pablo Fernandez

attached mail follows:

On 5/11/05, Paul Starzetz <ihaquerisec.pl> wrote:
> since it became clear from the discussion in January about the uselib()
> vulnerability, that the Linux community prefers full, non-embargoed
> disclosure of kernel bugs, I release full details right now. However to
> follows at least some of the responsable disclosure rules, no exploit code will be
> released. Instead, only a proof-of-concept code is released to demonstrate
> the vulnerability.

Paul, I was unable to make it work on my amd64.
Running Gentoo on kernel 2.6.11.
This was the output:

[+] Compiling...elfcd1.c: In function `main':
elfcd1.c:48: warning: implicit declaration of function `strlen'
elfcd1.c:54: warning: implicit declaration of function `memset'
elfcd1.c:60: warning: implicit declaration of function `strcmp'
/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.3/../../../../x86_64-pc-linux-gnu/bin/ld:
warning: i386:x86-64 architecture of input file `/tmp/ccSCdKeo.o' is
incompatible with i386 output

[+] ./elfcd1 argv_start=0x7ffffffff451 argv_end=0x7ffffffff459 ESP: 0xfffff0e0
[+] phase 1
[+] AAAA argv_start=0x7fffffff6fea argv_end=0x7fffffff6fee ESP: 0xffff6de0
[+] phase 2, <RET> to crash Segmentation fault (core dumped)

--
Bruno Lustosa, aka Lofofora | Email: brunolustosa.net
Network Administrator/Web Programmer | ICQ: 1406477
Rio de Janeiro - Brazil |

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]