[mdlug] Linux root exploit
Robert Meier
list1c30fe42 at bellsouth.net
Mon Feb 11 00:00:43 EST 2008
Ray,
>> After compiling and executing the exploit, I could not read root files.
>> My SuSE kernel does not have the feature reportedly exploited.
> How did you determine [you did not have the feature reportedly exploited]?
My principle method was of course to try the exploit before and after
hearing others' reports on its symptoms.
My preliminary method was to search the kernel source code for "vmsplice",
the feature named by slashdot, LWM, and Milw0rm.
> Does this exploit have to be compiled on the same system as it is to run,
> or against the same header files,
No.
> ... or just with the same library versions?
or reasonbly close versions. I don't know how sensitive the exploit is
to the libraries used, but since I didn't see it mentioned during my
limited googling, I suspect library versions are not an issue,
but kernel source version 2.6.17 - 2.6.24.1 is an issue.
On offlist request, I'll send you an rpm off list.
Reporting,
--
Bob
"A year spent in artificial intelligence,
is enough to make one believe in God."
-- Alan Perlis
More information about the mdlug
mailing list