-
Notifications
You must be signed in to change notification settings - Fork 219
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not worked #1
Comments
please post the path(kernel version ,release version..) |
Same error as above: cat /etc/os-release I see now in article it appears to have been fixed in my kernel version |
My Ubuntu 21.10 seems to be good too. ➜ CVE-2022-0847-DirtyPipe-Exploit git:(main) ./compile.sh
➜ CVE-2022-0847-DirtyPipe-Exploit git:(main) ls
compile.sh exploit exploit.c LICENSE.txt README.md
➜ CVE-2022-0847-DirtyPipe-Exploit git:(main) ./exploit
Backing up /etc/passwd to /tmp/passwd.bak ...
Setting root password to "aaron"...
system() function call seems to have failed :(
➜ CVE-2022-0847-DirtyPipe-Exploit git:(main) uname -a
Linux falcon 5.13.0-30-generic #33-Ubuntu SMP Fri Feb 4 17:03:31 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
➜ CVE-2022-0847-DirtyPipe-Exploit git:(main) lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 21.10
Release: 21.10
Codename: impish |
The original exploit seems to work by replacing the password for the root user with the password "aaron". My bet is if you su root and then type aaron as the password you'll see that you're root. The extra additions tot he original exploit that should be replacing the /etc/passwd with the /tmp/passwd.bak file is not working. This version of the modified exploit does not drop you into a root shell directly when running it. It simply replaces the password for root and requires the user to su to the root account with the"aaron" password. |
Sure. But check the output of my command line when executing the exploit. ➜ CVE-2022-0847-DirtyPipe-Exploit git:(main) ./exploit
Backing up /etc/passwd to /tmp/passwd.bak ...
Setting root password to "aaron"...
system() function call seems to have failed :( The Also, I did not post this part, since I tested it before posting this here. But But it is a bit late for me, I guess, at least on my system, since Ubuntu has patched the issue. |
Yes, so, in some cases, overwrite may not correct worked on some boundary. |
The array of argv must be terminated by a null pointer. |
The text was updated successfully, but these errors were encountered: