Re: root compromise on debian woody

To: debian-user@lists.debian.org
Subject: Re: root compromise on debian woody
From: Selva Nair <selva.nair@gmail.com>
Date: Thu, 26 May 2005 21:01:37 -0400
Message-id: <[🔎] 8752f596050526180178a45bc6@mail.gmail.com>
Reply-to: Selva Nair <selva.nair@gmail.com>
In-reply-to: <[🔎] 20050526222805.GA23796@kitenet.net>
References: <[🔎] 8752f596050526134936f40e67@mail.gmail.com> <[🔎] 20050526222805.GA23796@kitenet.net>

On 5/26/05, Joey Hess <joeyh@debian.org> wrote:
> Selva Nair wrote:

> >    Looking through evidence left behind (bash_history etc..) I have
> > figured out that
> > the privilege escalation was achived using an executable  that the
> > attacker downloaded
> > from the net. I have verified that this binary is indeed capable of
> > giving root shell to any user
> > and it works on two test systems I tried -- one woody and one redhat 7.2.


> 
> Well to choose one security hole at random out of dozens to hundreds
> that remain unfixed in woody's kernels, this one allows anyone to go from
> a normal user account to root:
> 
> CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
>         - kernel-source-2.6.11 2.6.11 2.6.11-4
>         - kernel-source-2.6.8 2.6.8-16
>         - kernel-source-2.4.27 2.4.27-10
> 

I built a new kernel from 2.4.30 sources and the exploit no more works.
Hope this one is safer.

Selva

Reply to:

Follow-Ups:
- Re: root compromise on debian woody
  - From: Alexei Chetroi <alexei.chetroi@lexa.uniflux-line.net>

References:
- root compromise on debian woody
  - From: Selva Nair <selva.nair@gmail.com>
- Re: root compromise on debian woody
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Debian Sarge ver. 17-05-2005, Bad: scheduling while atomic!, whe Iuse 8021q
Next by Date: Re: sarge 3.1 kernel
Previous by thread: Re: root compromise on debian woody
Next by thread: Re: root compromise on debian woody
Index(es):
- Date
- Thread