[lug] New root exploit for kernels prior to 2.4.12

Justin glow at jackmoves.com
Fri Oct 19 17:19:10 MDT 2001 

I was trying to get the ptrace exploit to work on one of my boxes 
earlier this morning. It was redhat 6.2 w/ a 2.2.17 kernel. The machine 
met the "credentials" for the exploit but it didn't work. Either that 
or I just wasn't doing something right (which is very possible)...I may 
try on another box when I get home that has 2.4.7 kernel and redhat 7.1.

Justin

> The posting I read outlined two exploits, both local.  First one 
involved a DoS possible with deep symlinks.  The second was an SUID 
vulnerability which would possibly allow root access to local users 
under certain widespread default installations.  Exploit code was 
provided for at least one of the two.
> 
> Nate Duehr wrote:
> > 
> > I haven't had a chance to read this yet, but is this a remote 
exploit
> > (network-based) or a local exploit?
> > 
> > On Fri, Oct 19, 2001 at 11:55:47AM -0600, Scott A. Herod wrote:
> > > Security focus has a note about a root exploit against kernels 
prior to
> > > 2.4.12.
> > >
> > > http://www.securityfocus.com/cgi-bin/archive.pl?
id=1&mid=221337&start=2001-10-15&end=2001-10-21
> > >
> > > Since they've also put up an exploit, I'd guess that it's once 
again
> > > time to upgrade
> > > the kernel.
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > 
> > --
> > Nate Duehr <nate at natetech.com>
> > 
> > GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE 
C1D2
> > Public Key available upon request, or at wwwkeys.pgp.net and others.
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
> -- 
> 
>   - John Hernandez - Network Engineer - 303-497-6392 -
>  |  National Oceanic and Atmospheric Administration   |
>  |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |
>   ----------------------------------------------------
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
> 

-----
glow at jackmoves.com
www.jackmoves.com

More information about the LUG mailing list