Saturday 25 February 2012

Hey there, I hope you guys and gals are enjoying my blog so far. It's always nice to be able to reach out and touch a wider audience and give them a little visual stimulation for the old grey matter.

So according to Wikipedia the Riddler is an expert hacker, and you've heard that right... Let me share a local exploit for Linux kernels 2.6.39 up to 3.0.1.

Introducing Mempodipper, an exploit for CVE-2012-0056. /proc/pid/mem is an interface for reading and writing, directly, process memory by seeking around with the same addresses as the process’s virtual memory space. In 2.6.39, the protections against unauthorized access to /proc/pid/mem were deemed sufficient, and so the prior #ifdef that prevented write support for writing to arbitrary process memory was removed.

But to read about it you have to visit the blog of the guy who originally discovered the exploit.

 http://blog.zx2c4.com/749

Kudos to Jason for noticing this and writing a really cool local exploit which, when executed locally on a machine, dumps the current user directly into the privileged root account.

If, like the Riddler, you're using a Linux machine, you might want to check your current kernel version and consider an upgrade to patch yourself against CVE-2012-0056 (last revised 01/30/2012).
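
Here's a quick way to do that version check, added as an example (it is not from Jason's post or the exploit itself). The function names are made up for this sketch, and the range bounds are simply the ones quoted above; a match only tells you to go read your distribution's changelog, because vendors backport fixes without changing the base version number.

```shell
#!/bin/sh
# Added example: first-pass kernel version triage for CVE-2012-0056.
# LOW/HIGH are the bounds this post states; adjust if your advisory differs.
LOW="2.6.39"
HIGH="3.0.1"

# is_num S: succeeds only for a plain decimal number with no leading zero.
is_num() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    return 0
}

# ver_key RELEASE: print major.minor.patch as one comparable integer.
# Suffixes such as "-12-generic" and a fourth component ("2.6.39.4") are
# dropped; a missing minor or patch counts as 0. Fails if unparsable.
ver_key() {
    v=${1%%[-+_~]*}
    old_ifs=$IFS; IFS=.
    set -f; set -- $v; set +f
    IFS=$old_ifs
    major=${1:-}; minor=${2:-0}; patch=${3:-0}
    is_num "$major" && is_num "$minor" && is_num "$patch" || return 1
    echo $(( major * 1000000 + minor * 1000 + patch ))
}

# in_page_range RELEASE: 0 = inside LOW..HIGH, 1 = outside, 2 = unparsable.
in_page_range() {
    k=$(ver_key "$1") || return 2
    lo=$(ver_key "$LOW"); hi=$(ver_key "$HIGH")
    [ "$k" -ge "$lo" ] && [ "$k" -le "$hi" ]
}

# Report on the running kernel without aborting on a non-zero status.
rel=$(uname -r)
in_page_range "$rel" && rc=0 || rc=$?
case $rc in
    0) echo "$rel: inside $LOW..$HIGH, check the vendor changelog for the fix" ;;
    1) echo "$rel: outside $LOW..$HIGH" ;;
    *) echo "$rel: could not parse release string" ;;
esac
```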
