Related vulnerability
Title:
Linux kernel race condition vulnerability
(CVE-2016-5195)
Description: The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (United States). A race condition vulnerability exists in the mm/gup.c file of Linux kernel 2.x and of 4.x versions prior to 4.8.3; it stems from the kernel not correctly handling copy-on-write (COW) writes to read-only memory mappings. A local attacker can exploit this vulnerability to gain privileges.
Description
Universal Android root tool based on CVE-2016-5195. Watch this space.
Introduction
# cowroot
Universal Android root tool based on CVE-2016-5195. Watch this space.
### Current Status:
- Only works on 32-bit devices
- Only able to get root on Cyanogenmod devices, when both getuid() and geteuid() are patched (i.e. bypasses su checks).
I've ported https://gist.github.com/scumjr/17d91f20f73157c722ba2aea702985d2 to Android arm32.
As a proof-of-concept, it patches getuid() and geteuid() in libc to always return 0. Unless there is a su binary like on Cyanogenmod devices, this doesn't do anything useful. vDSO is not patched because many Android kernels do not have it enabled.
In order to get "real" root, I'm going to have to use a different patching strategy.
If I patch a function that is used by an already-privileged process, I should be able to get full control.
File snapshot
[4.0K] /data/pocs/d1a171334cb2e7577742e9cba8c81b7ae6de8526
├── [ 247] Android.mk
├── [4.4K] cowroot.c
├── [1.0K] LICENSE
├── [ 255] Makefile
└── [ 794] README.md
0 directories, 5 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source has become unavailable or cannot be accessed, please send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.