Timeline :

CVE-2010-3849 reported by Nelson Elhagethe the 2010-10-18
CVE-2010-3850 reported by Nelson Elhagethe the 2010-10-18
CVE-2010-4258 reported by Nelson Elhagethe the 2010-12-02

PoC provided by :

Dan Rosenberg
Nelson Elhage

Reference(s) :

CVE-2010-3849
CVE-2010-3850
CVE-2010-4258

Affected version(s) :

All Linux Kernel versions previous to the 2.6.37 version

Tested on Ubuntu 10.10 server

Description :

This exploit leverages three vulnerabilities to get root, all of which were discovered by Nelson Elhage.

Commands :

uname -a
uid
gcc full-nelson.c -o full-nelson
./full-neslon
uid