Bugtraq mailing list archives
Re: sperl 5.00503 (and newer ;) exploit
From: Solar Designer <solar () FALSE COM>
Date: Mon, 7 Aug 2000 21:49:26 +0400
Hi,

> ii) RedHat 6.2 kernel 2.2.16 (P2 266 - 64Mb RAM) with OpenWall patches and many other security modifications - now running for over 2 hours and still no rootshell - load average of around 10.5 but the system is still usable.

Let me guess: you've placed the exploit script in /tmp? You didn't have to.

> Or - install the OpenWall patches from www.openwall.com if you're running Linux - however please note that this theory requires further testing before the i's and t's can be dotted and crossed - no flames please. I shall continue to play with it and let the lists know the results.

My patch does nothing to prevent or make it harder to exploit this kind of vulnerabilities. You should never rely on the "hardening" features of the patch; they are not meant to be a "solution".

> IMHO, a lesson to be learnt regarding these local exploits is to audit local users on a regular basis to ensure where possible that only trusted users and/or valid accounts exist on a system.

More importantly, the same policy should apply to SUID/SGID files.

Signed,
Solar Designer
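
The regular SUID/SGID audit recommended at the end of the message, as an added example that is not part of the original post: it lists every setuid or setgid regular file under a directory and reports the ones missing from a reviewed baseline. The function names and the baseline format (one approved path per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message): audit SUID/SGID files
# against a reviewed baseline. Paths containing newlines are not supported.

# list_privileged ROOT
# Print, sorted, every regular file under ROOT that has the setuid (4000)
# or setgid (2000) bit set. -xdev keeps the walk on one filesystem.
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# audit_privileged ROOT BASELINE
# BASELINE is a hypothetical text file with one approved path per line.
# Prints privileged files that are not in the baseline.
# Returns 0 if there are none, 1 if any were found, 2 on setup failure.
audit_privileged() {
    current=$(mktemp) || return 2
    approved=$(mktemp) || { rm -f "$current"; return 2; }
    list_privileged "$1" > "$current"
    LC_ALL=C sort -u "$2" > "$approved"
    # comm -23 keeps lines that appear only in the first (current) list.
    unexpected=$(LC_ALL=C comm -23 "$current" "$approved")
    rm -f "$current" "$approved"
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}

# Typical use, for example from a periodic job (paths are placeholders):
#   audit_privileged / /path/to/reviewed-baseline.txt
```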