CVE-2006-2451

This exploit leverages CVE-2006-2451 by manipulating the `PR_SET_DUMPABLE` prctl argument to create a core dump in a restricted directory, then uses logrotate to execute arbitrary commands as root. It creates a setuid helper binary to gain root privileges.

This exploit leverages a vulnerability in the `prctl` system call (CVE-2006-2451) to achieve local privilege escalation by manipulating core dump behavior and creating a cron job to set the SUID bit on a shell binary. The exploit is designed for Linux kernels 2.6.13 to 2.6.17.4 and 2.6.9-22.ELsmp.

This exploit leverages CVE-2006-2451, a Linux kernel vulnerability in the suid_dumpable feature (2.6.13 to 2.6.17.4 and 2.6.16 before 2.6.16.24). It abuses the PR_SET_DUMPABLE prctl argument to create a core dump in a restricted directory (/etc/cron.d), then injects a malicious cron job to gain root privileges via a setuid helper.

This exploit leverages a flaw in Linux kernels >= 2.6.13 where PR_SET_DUMPABLE allows a user to create a root-owned coredump in any directory. The exploit forges a malicious cron job to escalate privileges by manipulating the coredump file.

This exploit leverages a Linux kernel vulnerability (CVE-2006-2451) in PRCTL core dump handling to achieve local privilege escalation. It manipulates core dump behavior to create a cron job that copies a root-owned shell to /tmp/sh, granting root access.