'AssertionError' feedback #20

Open
yasooknigth opened this issue Jan 24, 2022 · 3 comments

@yasooknigth

Hi, worawit.
I've learned a lot about heap overflow from your project. But I have a new error during my VMs testing: the size parameter of the cmnd function cannot be obtained accurately all the time.
Here is the 'Error Message' below:

[test@localhost tmp]$ python exploit_userspec.py

curr size: 0x1600

exit code: 11


curr size: 0x1100

exit code: 11


curr size: 0xe80

exit code: 11


curr size: 0xd40

exit code: 11


curr size: 0xca0

exit code: 11


curr size: 0xc50

exit code: 11


curr size: 0xc20

exit code: 11


curr size: 0xc10

exit code: 11

Traceback (most recent call last):
  File "exploit_userspec.py", line 736, in <module>
    main()
  File "exploit_userspec.py", line 652, in main
    cmnd_size = find_cmnd_size()
  File "exploit_userspec.py", line 154, in find_cmnd_size
    assert size_min == 0x2000 - 0x10
AssertionError

And here is the version below:

[test@localhost tmp]$ sudo -V
Sudo version 1.8.23
Sudoers policy plugin version 1.8.23
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.23
[test@localhost tmp]$ hostnamectl
  Static hostname:  localhost
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 71a7851c7f64482cad825974248cc902
           Boot ID: d6b64d7f01684b8ca51f807d08079a03
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-957.21.3.el7.x86_64
[test@localhost tmp]$ python -V
Python 2.7.5
[test@localhost tmp]$ sysctl -a --pattern randomiz
kernel.randomize_va_space = 2
[test@localhost tmp]$ ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

Also, I tried manually getting specific parameter values and specifying specific inputs (some Python code I've changed with local debugging):

exploit_userspec.py 0x2000 0
exploit_defaults_mailer.py 0x2000 0

The error code still exists:
Traceback (most recent call last):
  File "exploit_userspec.py", line 736, in <module>
    main()
  File "exploit_userspec.py", line 652, in main
    cmnd_size = find_cmnd_size()
  File "exploit_userspec.py", line 154, in find_cmnd_size
    assert size_min == 0x2000 - 0x10
AssertionError
@yasooknigth

Emmmmm, about more? The CPU & cores are both OK...

@gzz2000

gzz2000 commented Jul 31, 2023

Have you solved this issue? I also encountered this on CentOS 7, sudo 1.8.6, and libc 2.17.

@gzz2000

gzz2000 commented Aug 1, 2023

Below is how to reproduce this problem:

docker run -it --rm centos:centos7.1.1503
# below: inside docker
curl https://yum.oracle.com/repo/OracleLinux/OL7/3/base/x86_64/getPackage/sudo-1.8.6p7-20.el7.x86_64.rpm -o sudo-1.8.6p7-20.el7.x86_64.rpm
rpm -i sudo-1.8.6p7-20.el7.x86_64.rpm

adduser test
su test
# then download and run exploit_defaults_mailer.py, it will report AssertionError.
