Fedora Linux Support Community & Resources Center

Home Forums Posting Rules Linux Help Fedora Set-Up Guides Ask Fedora Fedora Project
Go Back   FedoraForum.org > Fedora 17/18 > Security and Privacy
Reload this Page Linux Local Privilege Escalation via SUID /proc/pid/mem Write
FedoraForum Search
Forgot Password? Join Us!
Register All Albums FAQ Search Today's Posts Mark Forums Read

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 23rd January 2012, 07:17 AM
mmix Offline
Registered User
  
Join Date: Aug 2009
Posts: 742
linuxfirefox
Linux Local Privilege Escalation via SUID /proc/pid/mem Write
http://blog.zx2c4.com/749

Quote:
Introducing Mempodipper, an exploit for CVE-2012-0056. /proc/pid/mem is an interface for reading and writing, directly, process memory by seeking around with the same addresses as the process’s virtual memory space. In 2.6.39, the protections against unauthorized access to /proc/pid/mem were deemed sufficient, and so the prior #ifdef that prevented write support for writing to arbitrary process memory was removed. Anyone with the correct permissions could write to process memory. It turns out, of course, that the permissions checking was done poorly. This means that all Linux kernels >=2.6.39 are vulnerable, up until the fix commit for it a couple days ago.
Reply With Quote
  #2  
Old 23rd January 2012, 12:13 PM
birdwatcher
Guest
  
Posts: n/a
macoschrome
Re: Linux Local Privilege Escalation via SUID /proc/pid/mem Write
That seems badass, but does this require a user with su/sudo privilegies to work? : P
Reply With Quote
  #3  
Old 26th January 2012, 08:19 PM
birdwatcher
Guest
  
Posts: n/a
macoschrome
Re: Linux Local Privilege Escalation via SUID /proc/pid/mem Write
He posted some update about fedora:

Quote:
Update 2: as it turns out, Fedora very aptly compiles their su with PIE, which defeats this attack. They do not, unfortunately, compile all their SUID binaries with PIE, and so this attack is still possible with, for example, gpasswd. The code to do this is in the “fedora” branch of the git repository, and a video demonstration is also available.
Sounds like almost a pass. In your face Ubuntu.
Reply With Quote
Reply

Tags
escalation, linux, local, or proc or pid or mem, privilege, suid, write

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
linux user privilege (rigths) cbads Linux Chat 3 29th April 2008 07:21 AM
Linux to Linux smb share write access problem earlboy Servers & Networking 12 2nd May 2007 07:24 PM
Help requried to write the decrypted ipsec packets to the local disk. ahm_irf Security and Privacy 0 22nd February 2007 10:03 AM


Current GMT-time: 21:45 (Wednesday, 22-05-2013)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.
Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

 FedoraForum is Powered by RedHat