- Fotis' Blog - https://fotisl.com/blog -

Linux kernel pipe NULL pointer dereference exploit (CVE-2009-3547)

Another exploit for the kernel pipe NULL pointer dereference bug. This one is inspired by Spender's [1] great work on his enlightenment framework. It seems to exist in every 2.6 and 2.4 kernel version I've tested! Another sock_sendpage, maybe? This sample exploit only works for versions >= 2.6.17. You can download it here [2]. As usual, more information is in the code. This time there are some funny quotes too! I haven't done a lot of tests, so any feedback, and especially the versions you have tested it on where it worked, is welcome!

EDIT: A new version is out. It adds support for detecting kernels compiled with spinlock debugging options. Download it here [3].
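For readers on the defending side, here is an added triage script (editor's example, not code from the post or from the exploit download). It classifies a kernel release string against the one bound the post states, a 2.6-series kernel at or after 2.6.17, and reports vm.mmap_min_addr, the sysctl that stops unprivileged processes from mapping page zero and is the generic mitigation for kernel NULL pointer dereference exploits. The function names, the output wording and the version strings in the comments are assumptions of this example; the post gives no upper bound for the affected range, so the script is a fleet-inventory aid and a distribution's patch status for CVE-2009-3547 remains the authoritative answer.

```shell
#!/bin/sh
# Added example, not part of the original post. Classifies a kernel
# release string against the lower bound the post names (2.6.17) and
# reports vm.mmap_min_addr. Version strings such as "2.6.31-14-generic"
# used below are constructed samples.

# kver_in_stated_range RELEASE
#   exit 0 when RELEASE is a 2.6-series kernel with patch level >= 17,
#   the range the post states for its sample exploit; exit 1 otherwise.
kver_in_stated_range() {
    base=${1%%[-+]*}          # "2.6.31-14-generic" -> "2.6.31"
    oldifs=$IFS
    IFS=.
    set -- $base              # split into major, minor, patch fields
    IFS=$oldifs
    maj=${1:-0}; min=${2:-0}; patch=${3:-0}
    patch=${patch%%[!0-9]*}   # "31rc1" -> "31"
    patch=${patch:-0}
    [ "$maj" -eq 2 ] && [ "$min" -eq 6 ] && [ "$patch" -ge 17 ]
}

# mmap_min_addr_value
#   prints the current sysctl value, or "unavailable" when the file
#   is absent (non-Linux host or a kernel predating the knob).
mmap_min_addr_value() {
    f=/proc/sys/vm/mmap_min_addr
    if [ -r "$f" ]; then cat "$f"; else echo unavailable; fi
}

# report RELEASE
#   prints one triage line: "<release>: <verdict>; vm.mmap_min_addr=<v>"
report() {
    rel=$1
    if kver_in_stated_range "$rel"; then
        verdict="2.6 kernel at or above 2.6.17, the lower bound the post names; confirm distro patch status for CVE-2009-3547"
    else
        verdict="outside the 2.6.17+ range the post describes for its sample exploit"
    fi
    echo "$rel: $verdict; vm.mmap_min_addr=$(mmap_min_addr_value)"
}

report "$(uname -r)"
```

Run it as-is on a host to get one line for the running kernel, or loop `report` over release strings collected from an inventory. A non-zero vm.mmap_min_addr on the reported line means an unprivileged process cannot place data at address zero, which is what this class of exploit depends on; a value of 0 or "unavailable" is the condition worth flagging.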