[mdlug] Linux root exploit

Dave Arbogast mdlug3 at arb.net
Mon Feb 11 00:03:11 EST 2008


When I tried it again, su resulted in Root prompt w/o password. Yes, 
root worked at this point.

-dave

Michael wrote:

>Could this be a point for sudo instead of su? (Does this work with root
>turned off?)
>
>On Feb 10, 2008 10:11 PM, Dave Arbogast <mdlug3 at arb.net> wrote:
>
>>Clinton V. Weiss wrote:
>>
>>>On Sun, Feb 10, 2008 at 8:53 PM, Michael Corral <micorral at comcast.net>
>>>wrote:
>>>
>>>>2008-02-10, Mr. Dave Arbogast wrote:
>>>>
>>>>>Tried it on a SuSE 10.x I have - does not work. Of course I have auto
>>>>>update enabled ;-) but it looks like that has nothing to do with it now
>>>>>working on mine.
>>>>>
>>>>What happened when you ran that exploit program as a nonroot user?
>>>>At first I thought it didn't work on my F7 system, because I didn't
>>>>get a root command prompt (it still showed $ instead of #). But then
>>>>I tried a few things that only root can do, and sure enough it worked.
>>>>Yikes!
>>>>
>>>>Here's a quick way to test if your system is vulnerable:
>>>>1. Download <http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c>
>>>>2. gcc -o exploit 27704.c
>>>>3. [as non-privileged user] ./exploit
>>>>4. Try to do some root stuff.
>>>>
>>>I tried this and all I get is a compile error with step 2.  I guess that's a
>>>good thing?
>>>
>>>(running Gentoo stable)
>>>
>>>Clinton
>>>
>>Try it again Clinton - I got that the first time too. Second time I got
>>a root prompt.
>>
>>It is a big deal if you have other users on your system that have a shell.
>>
>>-dave
>>_______________________________________________
>>mdlug mailing list
>>mdlug at mdlug.org
>>http://mdlug.org/mailman/listinfo/mdlug


