Re: root compromise on debian woody
On 5/26/05, Joey Hess <joeyh@debian.org> wrote:
> Selva Nair wrote:
> > I have taken the system off the net and am in the process of
> > re-installing but the existence
> > of such an easy to use and effective privilege escalation kit is
> > quite disturbing. As I have only access to the binary left behind by
> > the attacker I'm pretty clueless as to how the exploit works.
> > Although pretty well familiar with Linux and have been running servers
> > for several years,
> > this is the first time facing a root exploit, so I'm rather clueless
> > as to what to do.
> >
> > Any advice would be highly appreciated.
>
> Well to choose one security hole at random out of dozens to hundreds
> that remain unfixed in woody's kernels, this one allows anyone to go from
> a normal user account to root:
>
> CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
> - kernel-source-2.6.11 2.6.11 2.6.11-4
> - kernel-source-2.6.8 2.6.8-16
> - kernel-source-2.4.27 2.4.27-10
>
So which kernel version would you recommend?
Selva
Reply to: