4位系统Linux内核的32位兼容模式发现有一个漏洞,可被利用提升权限。大部分发行版已经发布了修复补丁,没打补丁的64位Linux用户最好尽快更新,因为一位名叫Ac1db1tch3z的黑客已经发布了攻击代码,允许任何本地用户能访问root shell。这位黑客的恶意代码还在系统中留下了一个后门,即使系统以后打上补丁它无法封住入侵。
Ac1db1tch3z vs x86_64 Linux Kernel
--------------------------------------------------------------------------------
From: ac1db1tch3z () gmail com
Date: Wed, 15 Sep 2010 22:08:23 -0700 (PDT)
--------------------------------------------------------------------------------
/*
Ac1dB1tch3z Vs Linux Kernel x86_64 0day
Today is a sad day..
R.I.P.
Tue, 29 Apr 2008 / Tue, 7 Sep 2010
a bit of history:
MCAST_MSFILTER Compat mode bug found... upon commit! (2 year life on this one)
author David L Stevens <dlstevens () us ibm com>
Tue, 29 Apr 2008 10:23:22 +0000 (03:23 -0700)
committer David S. Miller <davem () davemloft net>
Tue, 29 Apr 2008 10:23:22 +0000 (03:23 -0700)
This patch adds support for getsockopt for MCAST_MSFILTER for
both IPv4 and IPv6. It depends on the previous setsockopt patch,
and uses the same method.
Signed-off-by: David L Stevens <dlstevens () us ibm com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji () linux-ipv6 org>
Signed-off-by: David S. Miller <davem () davemloft net>
------------------------------------------------------------
Thanks you for signing-off on this one guys.
This exploit has been tested very thoroughly
over the course of the past few years on many many targets.
Thanks to RedHat for being nice enough to backport it into early
kernel versions (anything from later August 2008+)
Ac1dB1tch3z would like to say FUCK YOU Ben Hawkes. You are a new hero! You saved the
plan8 man. Just a bit too l8.
PS:
OpenVZ Payload / GRsec bypass removed for kidiots and fame whores. (same thing right ;))
*/
Exploit attached. Another 0day bites the dust and goes into our public exploit pack :)
Ac1dB1tch3z brings you ABftw.c - Linux Kernel x86_64 local not0dayanymore exploit.
Attachment: ABftw.c
Description: