[mdlug] Linux root exploit
Jesse J. Salens
jjsalens at typotech.net
Sun Feb 10 21:45:03 EST 2008
7
Michael Corral wrote:
> 2008-02-10, Monsieur Dave Arbogast a ecrit:
>
>> Tried it on a SuSE 10.x I have - does not work. Of course I have auto
>> update enabled ;-) but it looks like that has nothing to do with it now
>> working on mine.
>>
>
> What happened when you ran that exploit program as a nonroot user?
> At first I thought it didn't work on my F7 system, because I didn't
> get a root command prompt (it still showed $ instead of #). But then
> I tried a few things that only root can do, and sure enough it worked.
> Yikes!
>
> Here's a quick way to test if your system is vulnerable:
> 1. Download <http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c>
> 2. gcc -o exploit 27704.c
> 3. [as non-privileged user] ./exploit
> 4. Try do do some root stuff.
>
> Michael
>
>
>>> This looks bad. Affects just about every distro:
>>>
>>> http://it.slashdot.org/it/08/02/10/2011257.shtml
>>>
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
>
It didn't work on my Fedora 8 box the first time, just caused a kernel
oops and syslogd spit up on my screen. The second time I compiled and
ran it, I was given a root prompt.
-Jesse
More information about the mdlug
mailing list