EXPLOITS

Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)

Author: Ramon de C Valle
type: local
platform: linux
port: 
date_added: 2009-09-08  
date_updated: 2019-09-06  
verified: 1  
codes: CVE-2009-2692;OSVDB-56992  
tags:   
aliases: 2009-linux-sendpage2.tar.gz  
screenshot_url:   
application_url:   

raw file: 9598.txt  

This is the second version of Linux sock_sendpage() NULL pointer
dereference exploit. Now, it also works with Linux kernel versions
which implements COW credentials (e.g. Fedora 11). For SELinux enforced
systems, it automatically searches in the SELinux policy rules for
types with mmap_zero permission it can transition, and tries to exploit
the system with that types.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/9598.tar.gz (2009-linux-sendpage2.tar.gz)

# milw0rm.com [2009-09-09]