Linux Kernel < 2.6.19 (x86/x64) - 'udp_sendmsg' Local Privilege Escalation (2)

EDB-ID:

9574

Author:

spender

Type:

local

Platform:

Linux

Published:

2009-09-02

/* second verse, same as the first
   CVE-2009-2698 udp_sendmsg(), x86/x64
   Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at 
   NULL and finding it executed
   This exploit is a bit more nuanced and thoughtful ;)
   use ./therebel.sh for everything

   At this moment, when each of us must fit an arrow to his bow and 
   enter the lists anew, to reconquer, within history and in spite of it,
   that which he owns already, the thin yield of his fields, the brief 
   love of the earth, at this moment when at last a man is born, it is 
   time to forsake our age and its adolescent furies.  The bow bends; 
   the wood complains.  At the moment of supreme tension, there will 
   leap into flight an unswerving arrow, a shaft that is inflexible and 
   free.  -Camus
*/

main: http://grsecurity.net/~spender/therebel.tgz
back: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/9574.tgz (2009-therebel.tgz)

# milw0rm.com [2009-09-02]