Another exploit for the kernel pipe NULL pointer dereference bug. This one is inspired by Spender ‘s great work for his enlightenment framework. It seems to exist at every 2.6 and 2.4 kernel version I’ve tested! Another sock_sendpage maybe? This sample exploit only works for versions >= 2.6.17. You can download it here . As usual more information in the code. This time there are some funny quotes too! I haven’t done a lot of tests, so any feedback, and especially versions you have tested it and it worked, is welcome!
EDIT: New version is out. It adds support for the detection of kernels compiled with spinlock debugging options. Download it here .