[mdlug] Linux root exploit
Clinton V. Weiss
cvweiss at gmail.com
Sun Feb 10 21:53:30 EST 2008
On Sun, Feb 10, 2008 at 8:53 PM, Michael Corral <micorral at comcast.net>
wrote:
> 2008-02-10, Monsieur Dave Arbogast a ecrit:
> > Tried it on a SuSE 10.x I have - does not work. Of course I have auto
> > update enabled ;-) but it looks like that has nothing to do with it now
> > working on mine.
>
> What happened when you ran that exploit program as a nonroot user?
> At first I thought it didn't work on my F7 system, because I didn't
> get a root command prompt (it still showed $ instead of #). But then
> I tried a few things that only root can do, and sure enough it worked.
> Yikes!
>
> Here's a quick way to test if your system is vulnerable:
> 1. Download <
> http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c>
> 2. gcc -o exploit 27704.c
> 3. [as non-privileged user] ./exploit
> 4. Try do do some root stuff.
>
I tried this and all I get is a compile error with step 2. I guess that's a
good thing?
(running Gentoo stable)
Clinton
--
Clinton V. Weiss
cvweiss at gmail.com
More information about the mdlug
mailing list