Re: Exploit for Mandrake 6.1 (PAM/userhelper bug)

[darron () FROESE ORG (Darron Froese)]

on 3/14/00 5:14 PM, Paulo Ribeiro at prrar () NITNET COM BR wrote:

> * DESCRIPTION:
> * -----------
> * Mandrake Linux 6.1 has the same problem as Red Hat Linux 6.x but its
> * exploit (pamslam.sh) doesn't work on it (at least on my machine). So,
> * I created this C program based on it which exploits PAM/userhelper
> * and gives you UID 0.
> *
> * SYSTEMS TESTED:
> * --------------
> * Red Hat Linux 6.0, Red Hat Linux 6.1, Mandrake Linux 6.1.
> *
> * RESULTS:
> * -------
> * [prrar@linux prrar]$ id
> * uid=501(prrar) gid=501(prrar) groups=501(prrar)
> * [prrar@linux prrar]$ gcc pam-mdk.c -o pam-mdk
> * [prrar@linux prrar]$ ./pam-mdk
> * sh-2.03# id

It appears that Mandrake 6.0 is vulnerable too:

[darron@maul darron]$ gcc pam-mdk.c -o pam-mdk
[darron@maul darron]$ ./pam-mdk
sh-2.03# id
uid=0(root) gid=502(admin) groups=502(admin)
sh-2.03#
[darron@maul /etc]$ cat mandrake-release
Linux Mandrake release 6.0 (Venus)

--
Darron
darron () froese org
<http://darron.froese.org/>