[mdlug] Linux root exploit
Clinton V. Weiss
cvweiss at gmail.com
Sun Feb 10 22:07:44 EST 2008
On Sun, Feb 10, 2008 at 9:56 PM, Michael Corral <micorral at comcast.net>
wrote:
> 2008-02-10, Monsieur Clinton V. Weiss a ecrit:
> > I fully agree that this vulnerability is a big deal. But the exploiter
> has
> > to do a couple of things first:
> >
> > 1) Circumvent physical security measures and have local access to your
> > machine, and be able to log in to the machine.
> > 2) Circumvent network security measures and be able to log into your
> machine
> > remotely.
> >
> > If #1 or #2 happens, then with or without this exploit you've got
> problems.
>
> This is a *local* root exploit. I take it you didn't actually read the
> link I gave. ;)
>
> There *are* legitimate multi-user Linux machines out there, by the way.
>
> Michael
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
>
You gave a slashdot link, where RTFA isn't required! :)
I've tried two different systems using the instructions provided in another
message: my Gentoo desktop and my Debian VPS server. Slashdot's link to
proof of concept code won't compile on either system, and the concept code
provided in another message compiles on my Debian VPS but doesn't work.
Kind of a bummer I guess, I still haven't gotten my hands on a working Linux
exploit so that I can fully understand and learn how it works.
I used to do that with boot and .exe viruses back in the day. Figuring out
the assembly was a challenge yet fun.
Clinton
--
Clinton V. Weiss
cvweiss at gmail.com
More information about the mdlug
mailing list