Re: root compromise on debian woody

To: debian-user@lists.debian.org
Subject: Re: root compromise on debian woody
From: Selva Nair <selva.nair@gmail.com>
Date: Thu, 26 May 2005 19:46:06 -0400
Message-id: <[🔎] 8752f5960505261646fe5e3c5@mail.gmail.com>
Reply-to: Selva Nair <selva.nair@gmail.com>
In-reply-to: <[🔎] 20050526222805.GA23796@kitenet.net>
References: <[🔎] 8752f596050526134936f40e67@mail.gmail.com> <[🔎] 20050526222805.GA23796@kitenet.net>

On 5/26/05, Joey Hess <joeyh@debian.org> wrote:
> Selva Nair wrote:

> > I have taken the system off the net and am in the process of
> > re-installing but the existence
> > of such an easy to use and effective  privilege escalation kit is
> > quite disturbing. As I have only access to the binary left behind by
> > the attacker I'm pretty clueless as to how the exploit works.
> > Although pretty well familiar with Linux and have been running servers
> > for several years,
> > this is the first time facing a root exploit, so I'm rather clueless
> > as to what to do.
> >
> > Any advice would be highly appreciated.
> 
> Well to choose one security hole at random out of dozens to hundreds
> that remain unfixed in woody's kernels, this one allows anyone to go from
> a normal user account to root:
> 
> CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
>         - kernel-source-2.6.11 2.6.11 2.6.11-4
>         - kernel-source-2.6.8 2.6.8-16
>         - kernel-source-2.4.27 2.4.27-10
> 

So which kernel version would you recommend?

Selva

Reply to:

Follow-Ups:
- Re: root compromise on debian woody
  - From: Alvin Oga <aoga@mail.Linux-Consulting.com>

References:
- root compromise on debian woody
  - From: Selva Nair <selva.nair@gmail.com>
- Re: root compromise on debian woody
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: glibc, mallinfo
Next by Date: Re: Please add support for Broadcom 440x NIC to sarge release
Previous by thread: Re: root compromise on debian woody
Next by thread: Re: root compromise on debian woody
Index(es):
- Date
- Thread