The Ac1db1tch3z exploit and "Robert you suck" thingie

Rober you suck

Yepp.. It's another one. I've tested it on my own laptop and voila: BOOM! Anoher local root exploit is out there. In fact this exploit shouldn't have been released at all.. An earlier incident was reported in 2007.So why in God's sake is this malfunction still in the wild? We don't know it. I'd call it stupidity, if you're fine with me. L33t hackers like Ac1db1tch3z seem to have antipathy against good security researchers like Ben Hawkes. Nevertheless I was able to find a workaround which will fix the problem. Unfortunately this doesn't fix the problem at all:

# echo ':32bits:M:0:x7fELFx01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register
$ ./boom
resolved symbol commit_creds to 0xffffffff81068009
resolved symbol prepare_kernel_cred to 0xffffffff81067f0c
mapping at 3f80000000
UID 0, EUID:0 GID:0, EGID:0
# id
uid=0(root) gid=0(root) Gruppen=0(root)</pre>

So where is the solution?!  Check this and this.


Prev: icmpKNOCK v0.2 released
Next: DEADF700? Stuxnet!

comments powered by Disqus
Published:
2010-09-17 00:00
category:
Tag:
wtf11