[32645] in bugtraq
Re: Linux kernel do_brk() proof-of-concept exploit code
daemon@ATHENA.MIT.EDU (Calum)
Tue Dec 2 13:32:07 2003
From: Calum <bugtraq@umtstrial.co.uk>
To: Christophe Devine <DEVINE@iie.cnam.fr>
Date: Tue, 2 Dec 2003 17:21:13 +0000
In-Reply-To: <Pine.VMS.3.91-b11-vms.1031202031221.13520A-100000@speedy.iie.cnam.fr>
Cc: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200312021721.13324.bugtraq@umtstrial.co.uk>
On Tuesday 02 December 2003 3:16 am, Christophe Devine wrote:
> The following program can be used to test if a x86 Linux system
> is vulnerable to the do_brk() exploit; use at your own risk.
This POC code needs nasm greater than 0.98.36, otherwise you get the following
error when trying to compile it.
exploit@womble exploit $ nasm -v
NASM version 0.98.36 compiled on Jul 17 2003
exploit@womble exploit $ nasm brk_poc.asm -o a.out
brk_poc.asm:5: error: attempt to set a negative program origin
It works with 0.98.38.
--
The early bird may get the worm, but the second mouse gets the cheese.
http://gk.umtstrial.co.uk/~calum/
