
Re: PTRACE Fixed?



On Sat, Mar 22, 2003 at 10:58:24AM -0800, Jon wrote:
> On Sat, 2003-03-22 at 04:43, Markus Kolb wrote:
> > Jon wrote:
> > 
> > [...]
> > 
> > >>
> > >>Linux kmod + ptrace local root exploit by <anszom@v-lo.krakow.pl>
> > >>
> > >>=> Simple mode, executing /usr/bin/id > /dev/tty
> > >>sizeof(shellcode)=95
> > >>=> Child process started..........
> > >>=> Child process started..........
> > 
> > [...]
> > >>
> > >>Does this mean the patch I downloaded worked?
> > > 
> > > 
> > > Yes.
> > > 
> > > - Jon
> > 
> > Mmh, well, I have a non-patched 2.4.19 and so there should be the bug.
> > I've tried the k3m, too.
> > In my environment it first told me that my kernel is attackable.
> > I ran k3m a 2nd and 3rd time and it has only reported the "Child process 
> > started..." messages and produced child process zombies.
> 

Probably a timing issue, too.
I guess km3 has problems on fast machines.

	Lars
> 
> The exploit may need to start several child processes before one of
> them obtains root privileges.  If your kernel is vulnerable, you should
> get an "ok!" message after a few attempts (usually works the second or
> third time on my 2.4.20-k7 machine).  
> 
> When run without arguments, the exploit just starts a process, checks
> its privileges, then kills the processes.  I have not noticed any
> zombie processes after running the exploit - even after running it
> several times.  If you *do* want it to start some processes, there are
> command-line options to do so.  
> 
> 
> > What is that? Is k3m buggy? Very strange...
> > 
> 
> Works great on my machine... unfortunately.  ;)
> 
> - Jon


