Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

CVE-2014-0196: Linux kernel <= v3.15-rc4: raw mode PTY local echo race condition

  • 16-05-2014 12:45PM
    #1
    syklops
    Closed Accounts Posts: 18,966 ✭✭✭✭


    Might be of some interest to any sys admins who frequent this board.

    Proof of Concept code has been released for CVE-2014-0196. Credit to Matt Daley: http://bugfuzz.com/stuff/cve-2014-0196-md.c

    Thanks Matt. Thanks for making me try it on all the servers I manage to check if Im vulnerable. Like I had nothing else to do on this sunny Friday. :p

    Seriously though, one machine was vulnerable. I rather know about this stuff then not know about it. Im sure others here are the same.


Comments

  • #2
    Khannie
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Did you get root on the box in question? Just compile that c file and run it?


  • #3
    syklops
    Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Khannie wrote: »
    Did you get root on the box in question? Just compile that c file and run it?

    On one box I did. Its an awesome feeling when its part of a Pen Test. Its chilling when its one of your own boxen.

    To compile, run:
    cc -o a.out -lpthread -lopenpty cve-2014-0196-md.c


  • #4
    Khannie
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    syklops wrote: »
    Its chilling when its one of your own boxen.

    My lovely boooxxeeeennnn.....with your ethernet cables blowing in the wind...


Advertisement