Dailydave mailing list archives

Re: Advisory 1/2005 - Linux Kernel arbitrary code execution vulnerability.
From: Dave Aitel <dave () immunitysec com>
Date: Sat, 08 Jan 2005 15:57:42 -0500

It was a real local root, but the one posted by Paul from isec works better.
-dave

surreal () delusory org wrote:

Hi, y'all with ninja skills:  was that a real local root for "Linux
Kernel <= 2.4.28, <= 2.6.10" that I should be worried about, or just a
really odd example of Net Theatre?
I did attempt my own homework, but haven't figured it out.

I'm not surprised that " v = (void*) (addr + (ENTRY_GATE*LDT_ENTRY_SIZE
% PAGE_SIZE) ); " doesn't return "0xdeadbabe", but that seems like an
awfully elaborate bit of code to perpetrate a hoax, and there's no
apparent trojan activity when it runs, just something like:

[+] moved stack bfffe000, task_size=c0000000, map_base=bf800000
   cat /proc/1174/maps
[+] exploit thread running pid=1175
[-] FAILED: try again (Cannot allocate memory)

Way anticlimactic.

Playing with RACEDELTA didn't obviously matter with a 2.4.18-3 or
2.4.18-3smp kernel. With 2.4.20-28.8 and whatever kernel SUSE
9.whatever has, gcc notices that multiply-defined old_esp and won't
build as-is. "Fixing" old_esp yielded the same results as with 2.4.18.

Anyway - that code, whatever it is, is beyond my attention span. I'm not
begging for the real MAGIC value, (tho' that'd be fun to play with),
but, sensei: wassup? Do I really have to update any box with shell
access?

Many thanks,

Surreal

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
