Hi,
The PoC script did not work in my Ubuntu 20.04.1 environment, so I tried to make my own PoC script based on the fuzz and exploit method.
For debugging convenience, I did this as the root user. After some work, a PoC worked with the nss_load_library() method.
But when I switched to a general user, the script did not work, because the heap chunk I used to overflow was pre-allocated and stored something like groups=4,24,27,30,46,120,131,132,1000
I have no idea why this happened. I want to know what the difference is between running this script as the root user and as a normal user. Looking forward to your help. Thanks!
I found the reason. This is because in sudo.c, get_user_groups() took my heap chunk away, because my test user happens to belong to 9 groups. Just change to another general user.
Here is my PoC.