Hi there,
A new kernel vulnerability is affecting all 2.6 versions up to 2.6.17-4. Since it's locally exploitable it isn't a real problem for personal computers but more alarming for servers.
The current Arch kernel is not vulnerable, so like always I encourage you to keep your systems up to date.
link please
I am using
> uname -a
Linux arch 2.6.18-rc2 #1 PREEMPT Tue Jul 18 20:11:34 KST 2006 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz GenuineIntel GNU/Linux
>
I removed my sig, cause i select the flag, the flag often the target of enemy.
SAR brain-tumor
> I am using:
> Linux arch 2.6.18-rc2 #1 PREEMPT Tue Jul 18 20:11:34 KST 2006 i686
Yeah. His post is so 2.6.17...
Yeah, just figured out I forgot to give the URLs. Here they come:
Linux Kernel PROC Filesystem Local Privilege Escalation on SecurityFocus
Original message on Full-Disclosure
Have fun!
[ewoud@aenea:~]$ gcc -o h00lyshit h00lyshit.c
[ewoud@aenea:~]$ ./h00lyshit h00lyshit.c
preparing
trying to exploit h00lyshit.c
sh-3.1$ whoami
ewoud
edit: duh! guess I missed the final sentence of his post
tea is overrated
the vulnerability has long been fixed, ever since .5
I recognize that while theory and practice are, in theory, the same, they are, in practice, different. -Mark Mitchell
I guess you refer to 2.6.17.5, not 2.6.5. To me 5 days ago is not such a long time (2.6.17.5 was released July 14).
To "fix" these bugs with workarounds:
mount -o remount,nosuid /proc
echo /root/core > /proc/sys/kernel/core_pattern
The first one makes sure the coredumps to files with root ownership bug is no longer possible: all files will get dropped in /root/core, not in other locations on the filesystem (assuming /root/core is innocent as cron doesn't scan it).
The 2nd one makes sure you can't make things setuid in /proc, which disables the common exploits that try to make use of it.
These are just workarounds, but if you aren't able to update to the latest kernel, these workarounds should keep script kiddies out.
BTW: one of my webservers was hacked back on the 14th of July with this one, the same day the kernel patch for the proc exploit thingy was released.
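A way to verify that the two workaround commands in the post above (nosuid on /proc and an absolute core_pattern) are in effect, as an added example that is not part of the original thread. The function names and sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two workarounds from the post above.
# Inputs are passed in as text, so the checks also work on captured data.

# Succeeds only if at least one proc mount exists and every one has nosuid.
# $1 = contents of /proc/mounts (fields: device mountpoint fstype options ...)
proc_is_nosuid() {
    printf '%s\n' "$1" | awk '
        $3 == "proc" { seen = 1; if (("," $4 ",") !~ /,nosuid,/) bad = 1 }
        END { exit !(seen && !bad) }'
}

# Classifies a core_pattern value. "relative" means cores are written into
# the crashing process's working directory, which the workaround avoids.
core_pattern_kind() {
    case "$1" in
        '|'*) echo pipe ;;      # piped to a helper (newer kernels)
        /*)   echo absolute ;;  # fixed location, e.g. /root/core
        *)    echo relative ;;
    esac
}

# audit MOUNTS_TEXT CORE_PATTERN: prints findings, returns 1 on any failure.
audit() {
    rc=0
    if ! proc_is_nosuid "$1"; then
        echo "FAIL: /proc is not mounted nosuid"; rc=1
    fi
    if [ "$(core_pattern_kind "$2")" = relative ]; then
        echo "FAIL: core_pattern '$2' is relative"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: both workarounds are in effect"
    return "$rc"
}

# Constructed samples: an unmitigated host and one with both commands applied.
BEFORE_MOUNTS='/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0'
AFTER_MOUNTS='/dev/sda1 / ext3 rw 0 0
proc /proc proc rw,nosuid 0 0'

audit "$BEFORE_MOUNTS" "core" || true
audit "$AFTER_MOUNTS" "/root/core" || true
# On a live host: audit "$(cat /proc/mounts)" "$(cat /proc/sys/kernel/core_pattern)"
```

Neither setting survives a reboot unless it is also applied at boot, so the audit is worth re-running after a restart.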
That's why plan9 is so gr8.
Which has what to do with this discussion?
> Which has what to do with this discussion?
http://en.wikipedia.org/wiki/Plan_9_fro … bs#.2Fproc
/proc came from Plan9, and user was just reiterating how gr8 that was.