Re: Linux kernel do_brk() proof-of-concept exploit code

To: Christophe Devine <DEVINE@xxxxxxxxxxx>
Subject: Re: Linux kernel do_brk() proof-of-concept exploit code
From: Calum <bugtraq@xxxxxxxxxxxxxxx>
Date: Tue, 2 Dec 2003 17:21:13 +0000
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <Pine.VMS.3.91-b11-vms.1031202031221.13520A-100000@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <Pine.VMS.3.91-b11-vms.1031202031221.13520A-100000@xxxxxxxxxxxxxxxxxx>
User-agent: KMail/1.5.2

On Tuesday 02 December 2003 3:16 am, Christophe Devine wrote:

> The following program can be used to test if a x86 Linux system
> is vulnerable to the do_brk() exploit; use at your own risk.

This POC code needs nasm greater than 0.98.36, otherwise you get the following 
error when trying to compile it.

exploit@womble exploit $ nasm -v
NASM version 0.98.36 compiled on Jul 17 2003
exploit@womble exploit $ nasm brk_poc.asm -o a.out
brk_poc.asm:5: error: attempt to set a negative program origin

It works with 0.98.38.

-- 

The early bird may get the worm, but the second mouse gets the cheese.
http://gk.umtstrial.co.uk/~calum/

References:
- Linux kernel do_brk() proof-of-concept exploit code
  - From: Christophe Devine

Prev by Date: IBM Directory Server 4.1 Web Admin Gui (ldacgi.exe) XSS Vulnerability
Next by Date: [slackware-security] Kernel security update (SSA:2003-336-01)
Previous by thread: Linux kernel do_brk() proof-of-concept exploit code
Next by thread: [RHSA-2003:335-01] Updated Net-SNMP packages fix security and other bugs
Index(es):
- Date
- Thread