Linux 2.6.31 perf_counter x86/x64 Local Root Exploit with SELinux user_u defeat and disabling
Loading...
Uploaded by spendergrsec on Sep 18, 2009
In this video I demonstrate a different method of exploiting the recent perf_counter vulnerability where it doesn't require a NULL mapping. The technique is from nemo, credits to him: it seems quite stable on both single and multi-processor machines (it's been 100% reliable so far). To further demonstrate how easy the vulnerability can be exploited in the face of access control mechanisms, I exploit the vulnerability in the restricted user_u role of SELinux on a fully patched FC11 (which prevents execution of any suid app, among many other things), bypassing execmem restrictions, and finally disable SELinux completely.
Link to this comment:
Uploader Comments (spendergrsec)
All Comments (7)
-
no taste for music...
-
Hmm i'm not sure if is your exploit because i use it :) this exploits.. maybe i'm wrong but not sure :) RULLz the Emporium exploit.
-
lool i want any local root 2011
can you send me?
-
Spengler, you are exploit God. It is sort of disappointing that all the MAC systems on Linux/BSD are worthless. These exploits prove it. Good work.
-
answering to myself: i have an idea, just need to code it ... :-)
-
nice!
I wrote an exploit (my first one) by myself, and it worked
very well. I couldn't figure out, how to do it without the zero
mapping, which is obsolete in my opinion. I'am not so familiar
with race conditions. Could you give me some hints, how it is done?
3 videos
YouTube Mix for Elysium
2:18grsec local root exploit 2010by dogmaroot1,852 views
- 2:17linux kernel exploit 2.6.18, 2.6.32 - 2.6.39 7/...by MrMisterambiguity2,136 views
- 19:14Linux Permissions - POSIX, chmod, chown, chgrpby cgermany774,156 views
- 1:182.6.26-2 2011 x86_64 GNU Linux Local root By GH...by ghst617,420 views
- 7:11How to hack linux server and get root accessby xdccbot7,779 views
- 4:06Kioptrix Level 1 - Gaining Root ~ Phr34kby Phr34kTheWorld516 views
- 2:29root exploit 2.6.26 2009by hardhakerz2,349 views
- 6:11Selinux panicby Gekitsuu521 views
- 1:12Linux Kernel 2.6 Exploitby AAACCChannel7,562 views
- 2:44Linux Tutorial: The Power of the Linux Find Com...by NixiePixel450,114 views
- 1:51metak metakby ivokasalo1,018,084 views
- 3:530-day exploit hacking using linuxby Z3r0XoL11,082 views
- 0:19Linux 0dayby ne0sn1ff3r888 views
- 5:09local rootby qinory1,994 views
- 4:00Infamous Linux Filesystem Erase All from Rootby wiseguy1285187 views
- 3:22Linux 2.6.30+ 64-bit Local Kernel Exploit 0day,...by spendergrsec6,110 views
- 7:28Linux 2.X pipe() NULL ptr deref/race local root...by spendergrsec4,509 views
- 1:08Linux 2.6.31 perf_counter x64 Local Root Exploitby spendergrsec6,492 views
- 9:59RHEL5 2.6.18-157 Local Kernel Exploit 0day, dis...by spendergrsec7,294 views
- 3:07local rootby qinory889 views
what is the name of this wonderfull music ?
fred94440 2 years ago
It was whatever was playing on the PsyChill channel of di . fm at the time. Or maybe Chillout Dreams? --Night time music. I don't pay attention to song names :p
spendergrsec 2 years ago