Linux PERF_EVENTS Local Root

[RRJ]

Hi,
there are some rumors, that a well experienced programmer could edit this exploit to get the PVE Host root access.
Any comments on this?

http://packetstormsecurity.com/files/121616/semtex.c

p.s
this exploit really works. Gives a root rights to unprivileged user (amd64 systems)

 

[ebiss]

until now full patched CentOS 6.4 and Debian 7 is vulnerable.

 

[RRJ]

edited

 

[dietmar]

Normally, there are no local users on a PVE system. But I will upload a fix in a few hours.

 

[RRJ]

Well, its true. But one can get the root access to the container, using this exploit. So there are some rumors, that if one is experienced enough, he or she can gain access to the PVE host root from the container.
I've tested it on amd64 container (connected to it using ssh):

test@test:~$ ./a.out
2.6.37-3.x x86_64
sd@fucksheep.org 2010
root@test:~# whoami
root
root@test:~# uname -a
Linux test 2.6.32-16-pve #1 SMP Mon Oct 22 08:38:13 CEST 2012 x86_64 GNU/Linux

Anyways, thank you for the fix.

 

[dietmar]

I just uploaded the fix to the pve repository - please update and test.

 

[RRJ]

will do in few moments.

 

[RRJ]

great. works like a charm.

test@test:~$ whoami
test
test@test:~$ ./a.out
a.out: a.c:51: sheep: Assertion `!close(fd)' failed.
Aborted