Hi, On Mon, Nov 07, 2016 at 06:54:55PM +0300, Ozgur wrote: > Hi all, > > I have been reading security articles and I seen a test with Debian Linux > vulnerability of kernel. I tested and given a successful exploit. > > List a vuln: > > https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs > > My testing: > > dirtycow.c (status: success) > cowroot.c (status: success) > > For example, I have installed Debian and kernel version are as follow: > > Linux 3.16.0-4-amd64 (Debian 8.6) > > I created a "zoo" file with root privileges and locked a file: > > # echo I'm a root > foo > # chmod 0404 foo > # ls -la foo > -r-----r-- 1 root root 11 Nov 7 10:13 foo > > then I'm return my user (not root) and I downloaded the exploit script and > run it: > > $ gcc -pthread dirtyc0w.c -o dirtyc0w > $ ./dirtyc0w foo blabla > $ cat foo > blabla > > what is the suggestion on this exploit?
Have you installed the Kernel update as per the security advisory DSA-3696-1? Which kernel image do you have installed, which kernel is running? [0] https://www.debian.org/security/2016/dsa-3696 Regards, Salvatore
