|
Full Disclosure
mailing list archives
Re: Linux kernel do_mremap() proof-of-concept exploit code
From: Ariel Biener <ariel () fireball tau ac il>
Date: Wed, 7 Jan 2004 02:12:55 +0200 (IST)
On Mon, 5 Jan 2004, Christophe Devine wrote:
Hi,
I tested it on various machines, including single/dual pIII,
single/dual Xeon P4, etc.
I only managed to either freeze the machine or reboot it.
However, since this compiled binary needs to special permissions to be
affective, I have found out that on any mail server where the user can
edit his .procmailrc or .forward in this home directory (typical
deparmental or even campus Linux mail servers at academic institutes), and
do the following:
:0
* ^Subject: reboot
| /path/to/homedir/do_remap
Then, at his convenience, all he/she needs to do is send an e-mail to
themselves with the subject reboot, and voilla, either the mail servers
reboots or goes caput (freezes). Nasty.
--Ariel
The following program can be used to test if a x86 Linux system
is vulnerable to the do_mremap() exploit; use at your own risk.
--
Ariel Biener
e-mail: ariel () post tau ac il
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
Re: Linux kernel do_mremap() proof-of-concept exploit code Ariel Biener (Jan 06)
Re: Linux kernel do_mremap() proof-of-concept exploit code Angelo Dell'Aera (Jan 07)
Re: Linux kernel do_mremap() proof-of-concept exploit code over_g (Jan 06)
Re: Linux kernel do_mremap() proof-of-concept exploit code Alex (Jan 06)
RE: Linux kernel do_mremap() proof-of-concept exploit code Bryce Porter (Jan 07)
|
Intro
