|
Ä¿ÇÇÇâÀÌ ³ª´Â *NIX
Ä¿ÇǴнº
½Ã½ºÅÛ/³×Æ®¿÷/º¸¾ÈÀ» ´Ù·ç´Â °÷
|
|
|
|
ÀÌÀü ÁÖÁ¦ º¸±â :: ´ÙÀ½ ÁÖÁ¦ º¸±â |
±Û¾´ÀÌ |
¸Þ½ÃÁö |
truefeel Ä«Æä °ü¸®ÀÚ
°¡ÀÔ: 2003³â 7¿ù 24ÀÏ ¿Ã¸° ±Û: 1277 À§Ä¡: ´ëÇѹα¹
|
¿Ã·ÁÁü: 2008.2.11 ¿ù, 11:25 pm ÁÖÁ¦: ¸®´ª½º Ä¿³Î 2.6.17~2.6.24.1ÀÇ root±ÇÇÑ È¹µæ ¹ö±× ¹ß°ß |
|
|
¸®´ª½º Ä¿³Î 2.6.17ºÎÅÍ 2.26.24.1 ±îÁöÀÇ vmsplice() ÄÝÀÇ ¹ö±×·Î ·ÎÄÿ¡¼ root ±ÇÇÑÀ» ȹµæÇÒ ¼ö ÀÖ´Ù. KLDP¿¡µµ ³ª¿ÍÀÖµíÀÌ, milw0rm¿¡´Â 2°³ÀÇ local root exploit Äڵ尡 °ø°³µÇ¾î ÀÖ´Ù. Å×½ºÆ®°á°ú ³Ê¹« ½±°Ô root ±ÇÇÑÀÌ È¹µæµÇ¾ú´Ù.
ÄÚµå: |
$ uname -r
2.6.18-8.1.8.el5
$ ./exploit
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7ee1000 .. 0xb7f13000
[+] root
# id
uid=0(root) gid=0(root) groups=501(truefeel)
#
|
°³Àλç¿ëÀÚ³ª ¿ÜºÎ Á¢±ÙÀÌ Á¦ÇÑµÈ ½Ã½ºÅÛÀº ±×³ª¸¶ ´ÙÇàÀε¥, Ä¿³Î 2.6.xÀ» »ç¿ëÇϴ ȣ½ºÆþ÷ü³ª °øµ¿ »ç¿ë ¼¹ö´Â »¡¸® ´ëóÇؾßÇÒ °ÍÀÌ´Ù. Ä¿³Î ÆÐÄ¡¸¦ Àû¿ëÇÏ¿© ¸®ºÎÆÃÀ» ÇؾßÇÒ °ÍÀ̳ª ÀçºÎÆÃÇÒ ¼ö ¾ø´Â ¼¹öµµ ÀÖÀ» °ÍÀÌ´Ù. ÀÌ ¶© Àӽà ¸Þ¸ð¸® ÆÐÄ¡ ¿Í hkpco´ÔÀÇ ¹æ¾î Ä¿³Î ¸ðµâ À» ÀÌ¿ëÇÏ¸é µÈ´Ù.
* °ü·Ã±Û
http://kldp.org/node/90926 (ÀÌÀºÅ´Ô)
http://barosl.com/blog/entry/linux-vmsplice-local-root-exploit (·£´ý¿©½Å´Ô)
http://www.carstory.co.kr/474 (hkpco´Ô) |
|
À§·Î |
|
|
truefeel Ä«Æä °ü¸®ÀÚ
°¡ÀÔ: 2003³â 7¿ù 24ÀÏ ¿Ã¸° ±Û: 1277 À§Ä¡: ´ëÇѹα¹
|
¿Ã·ÁÁü: 2008.2.13 ¼ö, 7:06 pm ÁÖÁ¦: À̹ø º¸¾È¹®Á¦ÀÇ RHEL5 , CentOS 5 ÀÇ ÆÐÄ¡ Ä¿³Î ³ª¿È |
|
|
°ü·Ã Á¤º¸´Â ´ÙÀ½ 2°³ÀÇ ¹®¼¸¦ ÂüÁ¶Çϱ⠹ٶõ´Ù.
* http://lists.centos.org/pipermail/centos-announce/2008-February/014684.html
* https://rhn.redhat.com/errata/RHSA-2008-0129.html
update ÇÏ¸é ´ÙÀ½°ú °°ÀÌ Ä¿³Î ¹öÀüÀ» ¾÷±×·¹À̵å ÇÑ´Ù.
ÄÚµå: |
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
kernel i686 2.6.18-53.1.13.el5 updates 13 M
kernel-devel i686 2.6.18-53.1.13.el5 updates 4.7 M
Updating:
kernel-headers i386 2.6.18-53.1.13.el5 updates 785 k
=============================================================================
|
¾÷±×·¹À̵å ÈÄ ÇØ´ç exploit À» ½ÇÇàÇÑ °á°ú, ´ÙÀ½°ú °°ÀÌ ÇØ°áµÇ¾úÀ½À» È®ÀεǾú´Ù.
ÄÚµå: |
$ uname -r
2.6.18-53.1.13.el5
$ ./exploit
... »ý·« ...
[-] vmsplice: Bad address
$
|
|
|
À§·Î |
|
|
|
|
»õ·Î¿î ÁÖÁ¦¸¦ ¿Ã¸± ¼ö ÀÖ½À´Ï´Ù ´ä±ÛÀ» ¿Ã¸± ¼ö ÀÖ½À´Ï´Ù ÁÖÁ¦¸¦ ¼öÁ¤ÇÒ ¼ö ¾ø½À´Ï´Ù ¿Ã¸° ±ÛÀ» »èÁ¦ÇÒ ¼ö ¾ø½À´Ï´Ù ÅõÇ¥¸¦ ÇÒ ¼ö ¾ø½À´Ï´Ù
|
Powered by phpBB © 2001, 2005 phpBB Group
|