Thursday, August 20, 2009

Linux NULL Pointer Dereference CVE-2009-2692

Refer here for a quick read on what a NULL Pointer Dereference vulnerability is.

Over the past week, the latest Linux NULL Pointer Dereference exploit has rendered millions of servers world-wide vulnerable to root compromise. Here's the CVE reference CVE-2009-2692.

Several local exploits have been released so far, the ones I tried and worked like magic are at:
- The shorter one
- The longer one

Here's how simply I get root on my box using the former exploit

To understand the exploit in detail a good explanation can be found here.

In summary - the exploit does a NULL pointer dereference that lands on page zero that is filled with bytes in your control. The exploit leverages pulseaudio, a setuid binary, to load your code.


  1. Yes its acknowledge by few other users in amazon ec2 (which we use a lot)

    thanks a ton for this blogpost