====== 2012.01.23 - /proc/mem exploit ======

few days ago i came across information about error in the way kernel handled access to mem file of the processes, when running sudo applications. didn't have to wait long to see [[http://blog.zx2c4.com/749|working exploit]]. description is worth reading for at least two reasons - it's up to date event and each step is shown and explained in the detail. another nice thing, except for the [[http://git.zx2c4.com/CVE-2012-0056/tree/mempodipper.c|exploit itself]], is the source of the shellcode (both [[http://git.zx2c4.com/CVE-2012-0056/tree/shellcode-64.s|64-bit]] and [[http://git.zx2c4.com/CVE-2012-0056/tree/shellcode-32.s|32-bit]]).

enjoy reading, have a nice time patching... ;)