멍멍
http://hackerschool.org
do_mremap() Vulnerability 2: Impact of the Vulnerability

http://www.hackerschool.org/HS_Boards/zboard.php?id=advisory&no=20


By exploiting this vulnerability, an ordinary user who has an account on the system
can obtain the highest administrator privileges (root).

The ISEC group has released test code that determines whether the vulnerability
is present. Because variant attack code modified from this test code
may exist, you must apply the patch.

====================================================
Trying 192.168.0.2 ...
Connected to 192.168.0.2.
Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-8 on an i686
login: user
Password:
Last login: Tue Mar 16 10:19:09 from 192.168.0.1
[user@localhost user]$
[user@localhost user]$ ./vuln_test
[+] kernel 2.4.20-8  vulnerable: YES  exploitable YES
    MMAP #65530  0x50bfa000 - 0x50bfb000
[+] Success

Usage: ping [-LRUbdfnqrvVaA] [-c count] [-i interval] [-w deadline]
            [-p pattern] [-s packetsize] [-t ttl] [-I interface or address]
            [-M mtu discovery hint] [-S sndbuf]
            [ -T timestamp option ] [ -Q tos ] [hop1 ...] destination  

[user@localhost user]$
====================================================

If, as in the session above, the vulnerable and exploitable fields are shown as YES,
the system can be attacked. (The test code is not attached because it
could be misused.)

[Vulnerability Analysis]
[Vulnerability Patch]

  Hit : 3389     Date : 2004/03/16 09:09



    