Re: root compromise on debian woody
On 5/26/05, Joey Hess <joeyh@debian.org> wrote:
> Selva Nair wrote:
> > Looking through evidence left behind (bash_history etc.) I have
> > figured out that the privilege escalation was achieved using an
> > executable that the attacker downloaded from the net. I have verified
> > that this binary is indeed capable of giving root shell to any user
> > and it works on two test systems I tried -- one woody and one redhat 7.2.
>
> Well to choose one security hole at random out of dozens to hundreds
> that remain unfixed in woody's kernels, this one allows anyone to go from
> a normal user account to root:
>
> CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
> - kernel-source-2.6.11 2.6.11 2.6.11-4
> - kernel-source-2.6.8 2.6.8-16
> - kernel-source-2.4.27 2.4.27-10
>
I built a new kernel from 2.4.30 sources and the exploit no longer works.
Hope this one is safer.
Selva