Re: =?ISO-8859-15?Q?[HS_?]_Re:_D=E9tails_de_la_compromission_d?= es serveurs Debian.org
In article <XVca.email@example.com>, firstname.lastname@example.org says...
->Salut à tous,
->Quel programme a été "exploité" ?
Extrait du mail envoyé sur "email@example.com"
par "firstname.lastname@example.org "
Recently multiple servers of the Debian project were compromised
using a Debian developers account and an unknown root exploit.
Forensics revealed a burneye encrypted exploit. Robert van der
Meulen managed to decrypt the binary which revealed a kernel
exploit. Study of the exploit by the RedHat and SuSE kernel and
security teams quickly revealed that the exploit used an integer
overflow in the brk system call. Using this bug it is possible
for a userland program to trick the kernel into giving access to
the full kernel address space. This problem was found in
September by Andrew Morton, but unfortunately that was too late
for the 2.4.22 kernel release.
This bug has been fixed in kernel version 2.4.23 for the 2.4
tree and 2.6.0-test6 kernel tree. For Debian it has been fixed
in version 2.4.18-12 of the kernel source packages, version
2.4.18-14 of the i386 kernel images and version 2.4.18-11 of the
alpha kernel images.
Est ce que cet exploit est réalisable en remote ou faut-il avoir
un compte local sur la machine?