I tried modifying the exploit not to use /dev/shm... but this is wat happens:
~$ ./a.out
[+] SLAB cleanup child 1 VMAs 287 [+] moved stack bfffe000, task_size=0xc0000000, map_base=0xbf800000 [+] vmalloc area 0xc5000000 - 0xc9d17000 Wait... | [+] race won maps=6768 expanded VMA (0xbfffc000-0xffffe000) [!] try to exploit 0xc594b000 [+] gate modified ( 0xffec94bf 0x0804ec00 ) [+] exploited, uid=0
sh-2.05a$ whoami arnaud sh-2.05a$ mount /dev/hda1 on / type ext2 (rw,errors=remount-ro) proc on /proc type proc (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/hda2 on /home type ext3 (rw) $sh-2.05a$ echo $UID 0
It says it did exploit but it didn't...
A.
Try doing something that would require root (eg.. mount something, create a file in /, etc)
smime.p7s
Description: S/MIME Cryptographic Signature
