[mdlug] Linux root exploit
Dave Arbogast
mdlug3 at arb.net
Sun Feb 10 22:11:47 EST 2008
Clinton V. Weiss wrote:
>On Sun, Feb 10, 2008 at 8:53 PM, Michael Corral <micorral at comcast.net>
>wrote:
>
>
>
>>2008-02-10, Monsieur Dave Arbogast a ecrit:
>>
>>
>>>Tried it on a SuSE 10.x I have - does not work. Of course I have auto
>>>update enabled ;-) but it looks like that has nothing to do with it now
>>>working on mine.
>>>
>>>
>>What happened when you ran that exploit program as a nonroot user?
>>At first I thought it didn't work on my F7 system, because I didn't
>>get a root command prompt (it still showed $ instead of #). But then
>>I tried a few things that only root can do, and sure enough it worked.
>>Yikes!
>>
>>Here's a quick way to test if your system is vulnerable:
>>1. Download <
>>http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c>
>>2. gcc -o exploit 27704.c
>>3. [as non-privileged user] ./exploit
>>4. Try do do some root stuff.
>>
>>
>>
>
>I tried this and all I get is a compile error with step 2. I guess that's a
>good thing?
>
>(running Gentoo stable)
>
>Clinton
>
>
>
Try it again Clinton - I got that the first time too. Second time I got
a root prompt.
It is a big deal if you have other users on your system that have a shell.
-dave
More information about the mdlug
mailing list