[mdlug] Linux root exploit

Sun Feb 10 20:53:24 EST 2008

2008-02-10, Monsieur Dave Arbogast a ecrit:
> Tried it on a SuSE 10.x I have - does not work. Of course I have auto
> update enabled ;-) but it looks like that has nothing to do with it now
> working on mine.

What happened when you ran that exploit program as a nonroot user?
At first I thought it didn't work on my F7 system, because I didn't
get a root command prompt (it still showed $ instead of #). But then
I tried a few things that only root can do, and sure enough it worked.
Yikes!

Here's a quick way to test if your system is vulnerable:
1. Download <http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c>
2. gcc -o exploit 27704.c
3. [as non-privileged user] ./exploit
4. Try do do some root stuff.

Michael

>> This looks bad. Affects just about every distro:
>>
>> http://it.slashdot.org/it/08/02/10/2011257.shtml