Linux kernel (2.6.17 - 2.6.24.1) Local Root Exploit

Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0010
Related links:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0010
http://kldp.org/node/90926
An ordinary account user who runs the exploit can reportedly obtain a root shell right away, so please update or
patch your kernel as soon as possible. The kernel versions on which the exploit runs are known to be 2.6.17 - 2.6.24.1.
------------------------------------------------------------------------------------------------
Vulnerability Summary CVE-2008-0010
Original release date: 2/12/2008
Last revised: 2/12/2008
Source: US-CERT/NIST

Overview

The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate
a certain userspace pointer before dereference, which allows local users to read from arbitrary kernel memory locations.

Impact

CVSS Severity (version 2.0):
CVSS v2 Base score: 2.1 (Low) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 3.9

Access Vector: Locally exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

External Source: MILW0RM Name: 5093 Hyperlink: http://www.milw0rm.com/exploits/5093

External Source: Hyperlink: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1

External Source: Hyperlink: http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt

Vulnerable software and versions
Configuration 1
Linux, Kernel, 2.6.22, 2.6.22 Rc6, 2.6.22.1, 2.6.22.16, 2.6.22.3, 2.6.22.4, 2.6.22.5,
2.6.22.6, 2.6.22.7, 2.6.23, 2.6.23 .2, 2.6.23 Rc1, 2.6.23.09, 2.6.23.1, 2.6.23.14,
2.6.23.2, 2.6.23.3, 2.6.23.4, 2.6.23.5, 2.6.23.6, 2.6.23.7, 2.6.23_rc2, 2.6.23rc1,
2.6.23rc2, 2.6.24 Rc2, 2.6.24_rc2, 2.6.24_rc3

Technical Details

Vulnerability Type
Input Validation (CWE-20)

CVE Standard Vulnerability Entry:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0010

Common Platform Enumeration:
http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-0010
