Proof-of-concept (PoC) exploit code for a recently spotted privilege escalation flaw in the Linux kernel, CVE-2012-0056, has left Linux vendors scrambling to push out a patch.
The flaw affects versions 2.6.39 and above of the Linux kernel, and the OS's creator Linus Torvalds published a patch on the official Linux kernel repository more than a week ago.
What is CVE-2012-0056 (PoC Linux privilege escalation)?
/proc/pid/mem is an interface for reading and writing process memory directly: you seek to the same addresses the process uses in its own virtual address space and read or write there. In 2.6.39 the protections against unauthorized access to /proc/pid/mem were deemed sufficient, so the prior #ifdef that disabled write support (writing to arbitrary process memory) was removed: anyone with the correct permissions could now write to process memory. It turns out, of course, that the permission checking was done poorly. This means that all Linux kernels >=2.6.39 are vulnerable, up until the fix commit for it a couple of days ago.
There are no restrictions on opening: anyone can open the /proc/pid/mem fd for any process (subject to the ordinary VFS restrictions). On open, the kernel simply records the self_exec_id of the process the file belongs to at that moment and stores it away for checking later during reads and writes.
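To make the interface described above concrete, here is a small added example (my own code, not part of the original post or of any exploit) that reads and rewrites a variable in its own address space through /proc/self/mem, using the variable's virtual address as the file offset. It only touches the calling process, so it works on a patched kernel, where the ptrace-style access check at read/write time permits a process to access itself; the global `marker` and the return codes of `demo_proc_mem` are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample data: a writable global that the program reads and then
   rewrites through the /proc/self/mem fd. External linkage, so the compiler
   must assume the pwrite() below may change it. */
char marker[16] = "orig-value";

/* Read `len` bytes of this process's memory at virtual address `addr` by
   seeking the /proc/self/mem fd to that address. Returns bytes read or -1. */
static ssize_t mem_read(uintptr_t addr, void *buf, size_t len) {
    int fd = open("/proc/self/mem", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = pread(fd, buf, len, (off_t)addr);
    close(fd);
    return n;
}

/* Write `len` bytes into this process's memory at virtual address `addr`.
   The offset is the virtual address, exactly as with the read side. */
static ssize_t mem_write(uintptr_t addr, const void *buf, size_t len) {
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0) return -1;
    ssize_t n = pwrite(fd, buf, len, (off_t)addr);
    close(fd);
    return n;
}

/* Round trip through the interface. Returns 0 when the bytes read back via
   the fd match the variable and a write via the fd changes it in place;
   a negative code identifies which step failed. */
int demo_proc_mem(void) {
    char buf[sizeof marker];
    if (mem_read((uintptr_t)marker, buf, sizeof buf) != (ssize_t)sizeof buf)
        return -1;                      /* read failed (no /proc, or access denied) */
    if (memcmp(buf, marker, sizeof buf) != 0)
        return -2;                      /* fd contents disagree with the variable */

    const char newval[16] = "new-value";
    if (mem_write((uintptr_t)marker, newval, sizeof newval) != (ssize_t)sizeof newval)
        return -3;                      /* write failed */
    if (strcmp(marker, "new-value") != 0)
        return -4;                      /* write did not land at the expected address */
    return 0;
}

int main(void) {
    int rc = demo_proc_mem();
    printf("/proc/self/mem round trip: %s (rc=%d), marker now \"%s\"\n",
           rc == 0 ? "ok" : "failed", rc, marker);
    return rc == 0 ? 0 : 1;
}
```

The same pread/pwrite calls against /proc/<pid>/mem of another process are where the permission check matters: the kernel decides at read/write time whether the opener may access that process, which is the check the original flaw got wrong and the fix commit corrects.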
A video tutorial on CVE-2012-0056 PoC Linux privilege escalation exploits
Click here to read more on PoC Linux privilege escalation exploits