[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Exploit - what to do


On Wed, Jul 18, 2001 at 03:42:26PM +0200, Jerzy Wolinski wrote:
> I found some local root exploit (source and binary).
> I have run it on some test system. It works on Debian 2.2r2
> >From source I can see that it uses passwd program,
> but I have no knowlegde and no time to search how it
> really works. On debian security alert pages I see
> nothing about passwd.
> What should I do?
Sounds as if it is one of the ptrace() holes in kernels prior to 2.2.19.
It needs an arbitrary setuid binary (passwd is one) to exploit that flaw,
but there are enough...

What to is just to upgrade your kernel. But as your box sounds
compromised, reinstall it along with a kernel.

If you're using linux 2.2.19 please post some more information.

MfG/Regards, Alexander

Alexander Reelsen   http://joker.rhwd.de
ref@linux.com       GnuPG: pub 1024D/F0D7313C  sub 2048g/6AA2EDDB
ref@tretmine.org    7D44 F4E3 1993 FDDF 552E  7C88 EE9C CBD1 F0D7 313C
Securing Debian:    http://joker.rhwd.de/doc/Securing-Debian-HOWTO

Reply to: