Re: PTRACE Fixed?
On Sat, Mar 22, 2003 at 10:58:24AM -0800, Jon wrote:
> On Sat, 2003-03-22 at 04:43, Markus Kolb wrote:
> > Jon wrote:
> >
> > [...]
> >
> > >>
> > >>Linux kmod + ptrace local root exploit by <anszom@v-lo.krakow.pl>
> > >>
> > >>=> Simple mode, executing /usr/bin/id > /dev/tty
> > >>sizeof(shellcode)=95
> > >>=> Child process started..........
> > >>=> Child process started..........
> >
> > [...]
> > >>
> > >>Does this mean the patch I downloaded worked?
> > >
> > >
> > > Yes.
> > >
> > > - Jon
> >
> > Mmh, well, I have a non-patched 2.4.19 and so there should be the bug.
> > I've tried the k3m, too.
> > In my environment it first told me that my kernel is attackable.
> > I ran k3m a 2nd and 3rd time and it has only reported the "Child process
> > started..." messages and produced child process zombies.
>
Probably a timing issue, too.
I guess km3 has problems on fast machines.
Lars
>
> The exploit may need to start several child processes before one of
> them obtains root privileges. If your kernel is vulnerable, you should
> get an "ok!" message after a few attempts (usually works the second or
> third time on my 2.4.20-k7 machine).
>
> When run without arguments, the exploit just starts a process, checks
> its privileges, then kills the processes. I have not noticed any
> zombie processes after running the exploit - even after running it
> several times. If you *do* want it to start some processes, there are
> command-line options to do so.
>
>
> > What is that? Is k3m buggy? Very strange...
> >
>
> Works great on my machine... unfortunately. ;)
>
> - Jon