[Fedora-xen] Xen packages for Vulnerability to CVE-2008-0600

Asrai khn asraikhn at gmail.com
Tue Feb 12 18:26:54 UTC 2008


On Feb 12, 2008 11:15 PM, Daniel P. Berrange <berrange at redhat.com> wrote:

> http://justfuckinggoogleit.com/

wow got it from http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c

gcc -o exploit 27704.c


./exploit

gimme at 2.6.21-2952.fc8xen (didn't get root shell)

 Linux vmsplice Local Root Exploit
 By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7ef4000 .. 0xb7f26000
Segmentation fault
[asraikhn at xxxx ~]$
Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: Oops: 0000 [#1]

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: SMP

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: CPU:    0

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: EIP:    0061:[<080487f5>]    Not tainted VLI

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: EFLAGS: 00210293   (2.6.21-2952.fc8xen #1)

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: EIP is at 0x80487f5

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: eax: e9000003   ebx: 00000004   ecx: 00000000   edx: 00004000

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: esi: c3c79f8c   edi: ffffffe0   ebp: c3c79e70   esp: c3c79e5c

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0069

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: Process exploit (pid: 26415, ti=c3c79000 task=c14217d0 task.ti=c3c79000)

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: Stack: 0000000d 00000000 e9000003 e9000003 00000004 00000001 c1058163 c108adbd

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel:        00000000 00000000 00000000 00000000 00000030 00000030 bfe230b8 c108b9e7

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel:        ffffffd0 00000000 00000000 c3c79f4c 00000000 c3c7a00c c181b120 c039ba00

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: Call Trace:

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel:  [<c1058163>] put_compound_page+0x13/0x14

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel:  [<c108adbd>] splice_to_pipe+0x1c7/0x1d6

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel:  [<c108b9e7>] sys_vmsplice+0x262/0x28b

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel:  =======================

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: Code:  Bad EIP value.

Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: EIP: [<080487f5>] 0x80487f5 SS:ESP 0069:c3c79e5c

regards
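
A detection-side reading of the oops above, as an added example that is not part of the original message: the report shows a kernel-mode fault with EIP at 0x80487f5 and sys_vmsplice in the call trace, and the code below flags that pattern in a log stream. PAGE_OFFSET (the assumed user/kernel boundary), the function names and the second sample report are assumptions made for this example.

```python
import re

PAGE_OFFSET = 0xC0000000  # assumption: default 3G/1G split on 32-bit x86

# First report: lines from the message above (abridged). Second: constructed.
SAMPLE = """\
Message from syslogd at xxxx at Feb 12 18:21:48 ...
 kernel: Oops: 0000 [#1]
 kernel: EIP:    0061:[<080487f5>]    Not tainted VLI
 kernel: Process exploit (pid: 26415, ti=c3c79000 task=c14217d0
 kernel: Call Trace:
 kernel:  [<c1058163>] put_compound_page+0x13/0x14
 kernel:  [<c108adbd>] splice_to_pipe+0x1c7/0x1d6
 kernel:  [<c108b9e7>] sys_vmsplice+0x262/0x28b
 kernel: Oops: 0002 [#2]
 kernel: EIP:    0061:[<c1012345>]    Not tainted VLI
 kernel: Process demo (pid: 4242, ti=c0000000 task=c0000000
 kernel: Call Trace:
 kernel:  [<c1011111>] demo_ioctl+0x10/0x20
"""

OOPS = re.compile(r"kernel: Oops: [0-9a-f]+ \[#\d+\]")
EIP = re.compile(r"kernel: EIP:\s+[0-9a-f]{4}:\[<([0-9a-f]+)>\]")
PROC = re.compile(r"kernel: Process (\S+) \(pid: (\d+)")
FRAME = re.compile(r"kernel:\s+\[<[0-9a-f]+>\] (\w+)\+0x")

def parse_oopses(text):
    """Split a log stream into one record per oops, ignoring banner lines."""
    reports, cur = [], None
    for line in text.splitlines():
        if OOPS.search(line):
            cur = {"eip": None, "comm": None, "pid": None, "trace": []}
            reports.append(cur)
        elif cur is None:
            continue
        elif m := EIP.search(line):
            cur["eip"] = int(m.group(1), 16)
        elif m := PROC.search(line):
            cur["comm"], cur["pid"] = m.group(1), int(m.group(2))
        elif m := FRAME.search(line):
            cur["trace"].append(m.group(1))
    return reports

def findings(text):
    """Oopses where the kernel faulted at a user-space EIP under sys_vmsplice."""
    return [(r["comm"], r["pid"], hex(r["eip"])) for r in parse_oopses(text)
            if r["eip"] is not None and r["eip"] < PAGE_OFFSET
            and "sys_vmsplice" in r["trace"]]
```

Calling findings(SAMPLE) reports only the first oops; the constructed second one has a kernel-range EIP and no vmsplice frame, so it is ignored.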