Coffeenix, the system administrators' shelter: coffee-scented *NIX
Linux local root privilege escalation vulnerability (sock_sendpage() issue)

 
Author: sCag (guest)
Posted: 2009.8.17 Mon, 2:35 pm    Subject: Linux local root privilege escalation vulnerability (sock_sendpage() issue)

A vulnerability has been announced that allows root privileges to be obtained locally because of a problem in the Linux sock_sendpage() function. An exploit has already been published.

1. Basic information


2. Mitigation
    1) Temporary
    Run the http://rfxn.com/downloads/set_mmap_minaddr script to tune the kernel parameter as a temporary measure.
    If the /proc/sys/vm/mmap_min_addr file exists (that is, the kernel has the mmap_min_addr feature), this script
    uses sysctl to set the value to 4096.
    This is because a kernel with the mmap_min_addr feature can block the vulnerability when vm.mmap_min_addr is greater than 0.

    On Ubuntu 9.04, CentOS 5.3 and others, this value is 65536.

    Quote:

    $ sysctl vm.mmap_min_addr
    vm.mmap_min_addr = 65536


    2) Debian kernel update

    DSA-1864-1 linux-2.6.24 -- privilege escalation
    http://www.debian.org/security/2009/dsa-1864
    DSA-1862-1 linux-2.6 -- privilege escalation
    http://www.debian.org/security/2009/dsa-1862


3. Cases where the exploit does not work

Quote:

Case 1)
$ ./wunderbar_emporium.sh
[+] Personality set to: PER_SVR4
Pulseaudio does not exist!

Case 2)

$ ./wunderbar_emporium.sh
[+] MAPPED ZERO PAGE!
[+] Resolved commit_creds to 0xc0135793
[+] Resolved prepare_kernel_cred to 0xc013593b
unable to find a vulnerable domain, sorry
$



A brief summary of what was discussed on Coffeenix on 8.17 (Mon)
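
The temporary mitigation from section 2, written out as an added example (it is not the rfxn.com script and not part of the original post): it reads vm.mmap_min_addr, classifies the host, and raises a value of 0 to 4096 without ever lowering an existing limit. The function names, the `PROC_FILE` override and the status words are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and, if needed, raise vm.mmap_min_addr.
# PROC_FILE can be overridden so the logic can be exercised on a plain file.
PROC_FILE="${PROC_FILE:-/proc/sys/vm/mmap_min_addr}"
SAFE_MIN=4096   # the value the post says the mitigation script sets

# Prints one of: unsupported | invalid | exposed | protected
mmap_min_addr_status() {
    file="${1:-$PROC_FILE}"
    # No proc entry: this kernel lacks the feature, so only a kernel
    # update (section 2, item 2) helps.
    [ -r "$file" ] || { echo unsupported; return 0; }
    value=$(tr -d '[:space:]' < "$file")
    case "$value" in
        ''|*[!0-9]*) echo invalid ;;
        *)
            if [ "$value" -gt 0 ]; then
                echo protected      # page zero cannot be mapped by users
            else
                echo exposed        # 0 means the limit is switched off
            fi ;;
    esac
}

# Raises the limit to SAFE_MIN only when it is currently 0, then prints the
# resulting status. Needs root on a real system; the change is lost on reboot.
harden_mmap_min_addr() {
    file="${1:-$PROC_FILE}"
    state=$(mmap_min_addr_status "$file")
    if [ "$state" = exposed ]; then
        echo "$SAFE_MIN" > "$file" || return 1
        state=$(mmap_min_addr_status "$file")
    fi
    echo "$state"
}

# Command-line use: "--check" only reports, "--harden" also fixes a 0 value.
case "${1:-}" in
    --check)  mmap_min_addr_status ;;
    --harden) harden_mmap_min_addr ;;
esac
```

A host that already reports 65536, like the Ubuntu 9.04 and CentOS 5.3 systems mentioned in the post, is left untouched and reported as `protected`.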
Time zone: GMT + 9 hours (Korea)