Re: Exploit - what to do

To: debian-security@lists.debian.org
Subject: Re: Exploit - what to do
From: Alexander Reelsen <alex@rhwd.owl.de>
Date: Wed, 18 Jul 2001 16:45:55 +0200
Message-id: <[🔎] 20010718164554.A27965@rhwd.owl.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 001d01c10f8f$7cb8a460$4f00a8c0@kompas.net.pl>

Hi

On Wed, Jul 18, 2001 at 03:42:26PM +0200, Jerzy Wolinski wrote:
> I found some local root exploit (source and binary).
> I have run it on some test system. It works on Debian 2.2r2
> >From source I can see that it uses passwd program,
> but I have no knowlegde and no time to search how it
> really works. On debian security alert pages I see
> nothing about passwd.
> What should I do?
Sounds as if it is one of the ptrace() holes in kernels prior to 2.2.19.
It needs an arbitrary setuid binary (passwd is one) to exploit that flaw,
but there are enough...

What to is just to upgrade your kernel. But as your box sounds
compromised, reinstall it along with a kernel.

If you're using linux 2.2.19 please post some more information.


MfG/Regards, Alexander

-- 
Alexander Reelsen   http://joker.rhwd.de
ref@linux.com       GnuPG: pub 1024D/F0D7313C  sub 2048g/6AA2EDDB
ref@tretmine.org    7D44 F4E3 1993 FDDF 552E  7C88 EE9C CBD1 F0D7 313C
Securing Debian:    http://joker.rhwd.de/doc/Securing-Debian-HOWTO

Reply to:

References:
- Exploit - what to do
  - From: "Jerzy Wolinski" <wolinski@poczta.onet.pl>

Prev by Date: Re: Exploit - what to do
Next by Date: Re: Exploit - what to do
Previous by thread: Re: Exploit - what to do
Next by thread: Re: Exploit - what to do
Index(es):
- Date
- Thread