I can't get the Linux kernel RDS exploit to exploit my machine...

Thu, 21 Oct 2010 14:50:06 -0700
I installed my kernel back on 01-Oct, so it should be vulnerable, but it's not, even when I modprobed the rds modules. 

http://www.zdnet.com/blog/security/linux-kernel-vulnerability-coughs-up-superuser-rights/7509

$ apt-cache policy linux-image-2.6.32-5-amd64
linux-image-2.6.32-5-amd64:
  Installed: 2.6.32-24
  Candidate: 2.6.32-26
  Version table:
     2.6.32-26 0
        500 http://mirrors.kernel.org/debian/ sid/main amd64 Packages
 *** 2.6.32-24 0
        100 /var/lib/dpkg/status

$ uname -r
2.6.32-5-amd64

$ cat /etc/debian_version
squeeze/sid

$ grep RDS /boot/config-2.6.32-5-amd64
CONFIG_RDS=m
CONFIG_RDS_RDMA=m
CONFIG_RDS_TCP=m
# CONFIG_RDS_DEBUG is not set

# modprobe rds
# modprobe rds_tcp
# modprobe rds_rdma

$ lsmod | grep rds
rds_rdma               56776  0
rdma_cm                20582  1 rds_rdma

ib_core                40967  6 
rds_rdma,rdma_cm,ib_cm,iw_cm,ib_sa,ib_mad

rds_tcp                 8260  0
rds                    70414  2 rds_rdma,rds_tcp

$ wget http://www.vsecurity.com/download/tools/linux-rds-exploit.c

--2010-10-21 10:18:35-- 
http://www.vsecurity.com/download/tools/linux-rds-exploit.c

Resolving www.vsecurity.com... 209.67.252.12
Connecting to www.vsecurity.com|209.67.252.12|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6435 (6.3K) [text/x-c]
Saving to: “linux-rds-exploit.c”


100%[=================================================================>] 
6,435       33.4K/s   in 0.2s



2010-10-21 10:18:36 (33.4 KB/s) - “linux-rds-exploit.c” saved 
[6435/6435]


$ ./a.out
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses...
 [+] Resolved rds_ioctl to 0xffffffffa1009000
 [+] Resolved commit_creds to 0xffffffff81069235
 [+] Resolved prepare_kernel_cred to 0xffffffff81069138
[*] Failed to resolve kernel symbols.

$ sudo ~me/a.out
[sudo] password for me:
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses...
 [+] Resolved rds_ioctl to 0xffffffffa1009000
 [+] Resolved commit_creds to 0xffffffff81069235
 [+] Resolved prepare_kernel_cred to 0xffffffff81069138
[*] Failed to resolve kernel symbols.


--
Seek truth from facts.


--

To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4cc0b577.3090...@cox.net























					Reply via email to