
2.0-kernel box rooted via shell-account



Hi!

I don't think that there're many of you who're still running slink and/or
 2.0.x kernels.

But, since one of my boxen (which is since physically offline) was 
 r00ted not that long ago, I thought a warning would be due.

2.0.38 and at least 2.2.18[0] - kernels are vulnerable to get r00ted
 via any shell-account. So, for those of you who are blessed with 
 shell-users, chroot(), jail(), or <$whatever> them. Just don't let 
 them create (&run) executables on your boxen.

0: http://www.securiteam.com/exploits/5NP061P4AW.html

*Not* funny, but here's my log:

-----
waldner@ka:~$ ls -la ~<user>/
-rwxr-xr-x    1 <user>     guests     993985 Jul  5 23:14 epcs

hmm, http://www.securiteam.com/exploits/5NP061P4AW.html .

waldner@ka:~$ cp ~<user>/epcs .
waldner@ka:~$ ./epcs
bug exploited successfully.
enjoy!
sh-2.03# touch /etc/passwd
sh-2.03#
-----

(wrote a complaint to the luser, citing that tomorrow(tm) I'd re-build 
 the box. not 10 minutes later, box starts to mis-behave (portscanning 
 et al), well, and has to be taken offline. sheesh).

And yes, you're likely to be vulnerable. Just get those shell-enabled 
 lusers off your systems...

<cite above URL>
This exploit does not work on 2.4.x because kernel won't set suid 
 * privileges if user ptraces a binary.
 * But it is still exploitable on these kernels.
</cite>

cheers,
&rw
-- 
-- You have the capacity to learn from mistakes.
-- You'll learn a lot today.
----

