HomeWelcome to Forensic Methods, an archive of computer forensic resources to assist clients, students, and fellow practitioners
CVE-2012-0056 - Mempodipper, a linux local root exploit.
Linux Local Privilege Escalation via SUID /proc/pid/mem Write Mempodipper Introducing Mempodipper, an exploit for CVE-2012-0056. /proc/pid/mem is an interface for reading and writing, directly, process memory by seeking around with the same addresses as the process's virtual memory space. In 2.6.39, the protections against unauthorized access to /proc/pid/mem were deemed sufficient, and so the pri
メモリフォレンジックã«ã‚ˆã‚‹ãƒžãƒ«ã‚¦ã‚§ã‚¢æ„ŸæŸ“ç—•è·¡ã®èª¿æŸ» – IIJ Security Diary
メモリフォレンジックã¯ã€æ®ç™ºæ€§ã®ãƒ‡ãƒ¼ã‚¿ã‚’解æžã™ã‚‹æŠ€è¡“ã§ã™ã€‚インシデントレスãƒãƒ³ã‚¹ã«ãŠã„ã¦ã¯ã€ã€Œã©ã“ã¨é€šä¿¡ã—ã¦ã„ãŸã‹ã€ã€Œã©ã‚“ãªãƒ—ãƒã‚°ãƒ©ãƒ やスレッドãŒå‹•ã„ã¦ã„ãŸã‹ã€ã€Œã©ã®ã‚ˆã†ãªãƒ‡ãƒ¼ã‚¿ãŒãƒ¡ãƒ¢ãƒªä¸Šã«ãƒžãƒƒãƒ”ングã•ã‚Œã¦ã„ãŸã‹ã€ãªã©ã®æƒ…å ±ãŒã—ã°ã—ã°é‡è¦ã«ãªã£ã¦ãã¾ã™ã€‚メモリフォレンジックをã†ã¾ã活用ã™ã‚‹ã“ã¨ã§ã€ã“れらã®æƒ…å ±ã‚’æŠ½å‡ºã™ã‚‹ã“ã¨ãŒå¯èƒ½ã«ãªã‚Šã¾ã™ã€‚今回ã¯ã€ãƒ¡ãƒ¢ãƒªãƒ•ã‚©ãƒ¬ãƒ³ã‚¸ãƒƒã‚¯ã®ãƒ†ã‚¯ãƒ‹ãƒƒã‚¯ã‚’用ã„ã¦ãƒžãƒ«ã‚¦ã‚§ã‚¢ã®æ„ŸæŸ“痕跡を調ã¹ã‚‹æ–¹æ³•ã‚’紹介ã—ã¾ã™ã€‚ æ•°å¹´å‰ã¾ã§ã€æ®ç™ºæ€§ã®ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã™ã‚‹æ–¹æ³•ã¯ã€å¯¾è±¡ã®ãƒžã‚·ãƒ³ä¸Šã§ãƒ—ãƒã‚»ã‚¹æƒ…å ±ã‚„é€šä¿¡æƒ…å ±ãªã©ã‚’出力ã™ã‚‹ã‚³ãƒžãƒ³ãƒ‰(ãŸã¨ãˆã°ã€netstat)を実行ã™ã‚‹ã‚„ã‚Šæ–¹ãŒä¸»æµã§ã—ãŸã€‚ã—ã‹ã—ã“ã®ã‚„ã‚Šæ–¹ã§ã¯ã€ä»¥ä¸‹ã®äºŒç¨®é¡žã®æƒ…å ±ã‚’å–å¾—ã™ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。 API ã®ãƒ•ãƒƒã‚¯ã‚„リンクリストã®æ”¹ã–ã‚“ãªã©ã«ã‚ˆã‚Šã€æ„図的ã«éš 蔽ã•ã‚Œã¦ã„ã‚‹æƒ…å ±çµ‚äº†ã—ãŸãƒ—ãƒã‚»ã‚¹ãªã©ã€æ—¢ã«é–‹æ”¾ã•ã‚ŒãŸãƒ¡ãƒ¢ãƒªé ˜åŸŸã«å˜åœ¨ã™
1
ランã‚ング
ランã‚ング
ãŠçŸ¥ã‚‰ã›
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
処ç†ã‚’実行ä¸ã§ã™
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
http://www.ecsl.cs.sunysb.edu/elibrary/linux/mm/mm.pdf
{{#tags}}- {{label}}
{{/tags}}