Cemetery

As medicine progressed by studying corpses, I want to learn by resurrecting old vulnerabilities.

Meta

Resurrecting corpses, I mean vulnerabilities, can be troublesome.

Qemu

It's pretty cool to use qemu to run different kernels or debug them.

Sometimes it's a pain, though, so here is some troubleshooting:

  • try -m 1024 if it panics

  • Could not read from CD-ROM (code 0009): download the desktop version

  • Arch linux Qemu page

Old Ubuntu releases

You can grab them from http://old-releases.ubuntu.com.

Debian kernel package

For Debian, snapshot.debian.org exists to retrieve old packages.

Keep in mind that to find a specific vulnerable kernel package, you first have to read which versions are vulnerable in the vulnerability's tracker entry (here for dirtycow), where you will probably find the source package. Then you must look at which packages have been generated from it: search for the source package's name on the snapshot site, pick the specific version from the available ones, and look at the section named Binary packages.

After that, some kernels need an initrd, which is generated when the package is installed; without it the system fails to boot, since at least the module to mount the root filesystem is needed.

The best option is probably to use Docker: add a single snapshot.debian.org entry that makes sense, install the kernel, and then copy the initrd from the /boot directory.

Root filesystem

If you have a root filesystem contained in a tar archive, you can create a large enough empty file, format it, mount it and untar the archive into it.

# create a 1 GiB empty image and format it as ext4
$ dd if=/dev/zero of=rootfs.ext4 status=progress bs=1M count=1024
$ sudo mkfs.ext4 rootfs.ext4
# loop-mount the image (needs root) and unpack the archive into it
$ mkdir mount
$ sudo mount -o loop rootfs.ext4 mount
$ sudo tar -xvf /tmp/amd64-rootfs-20170318T102216Z.tar.gz -C mount
$ sudo umount mount
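
The pieces from the sections above put together, as an added example that is not part of the original README: a preflight check of the kernel, its initrd and rootfs.ext4, followed by the QEMU boot. The function names, the drive options and the root=/dev/sda and console=ttyS0 kernel arguments are assumptions, not taken from the repository.

```shell
#!/bin/sh
# Added example: check the three boot artifacts, then start QEMU.

# Succeeds if the image carries the ext2/3/4 superblock magic
# (0xEF53, stored little-endian at byte offset 1080). A file that was
# created with dd but never formatted fails this check.
is_ext_image() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null \
        | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# preflight KERNEL INITRD ROOTFS
# Prints "ok" and returns 0, or prints the reason and returns 1-4.
preflight() {
    kernel=$1 initrd=$2 rootfs=$3
    [ -s "$kernel" ] || { echo "missing kernel image: $kernel"; return 1; }
    # Without the initrd the module that mounts the root filesystem
    # is not available and the boot fails.
    [ -s "$initrd" ] || { echo "missing initrd: $initrd"; return 2; }
    [ -s "$rootfs" ] || { echo "missing root filesystem image: $rootfs"; return 3; }
    is_ext_image "$rootfs" || { echo "no ext superblock in: $rootfs"; return 4; }
    echo ok
}

# boot KERNEL INITRD ROOTFS [MEMORY_MB]
# Memory defaults to 1024 MB, the value from the troubleshooting list.
# Assumption: the image is an unpartitioned filesystem on the first
# emulated disk, so the guest sees it as /dev/sda.
boot() {
    preflight "$1" "$2" "$3" >&2 || return
    qemu-system-x86_64 -m "${4:-1024}" -nographic \
        -kernel "$1" -initrd "$2" \
        -drive "file=$3,format=raw" \
        -append "root=/dev/sda console=ttyS0"
}

# Runs only when the script is called with arguments, for instance
# (placeholder file names): ./boot.sh vmlinuz initrd.img rootfs.ext4
if [ "$#" -ge 3 ]; then
    boot "$@"
fi
```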

Link

About

Resurrect vulnerabilities one CVE at a time
