Bugtraq mailing list archives

Re: Mandrake 9.0 local root exploit

From: Vincent Danen <vdanen () mandrakesoft com>
Date: Thu, 27 Feb 2003 17:08:35 -0700

On Thu Feb 27, 2003 at 09:43:04PM -0000, Priv8 Security wrote:

------------------------------------------------------------------------------------------------------------------
 Priv8 Security - www.priv8security.com
 
 priv8mdk90.tar.gz - Mandrake 9.0 local root exploit

 Based on Idefense adv.
http://www.idefense.com/advisory/01.21.03.txt
 
 Greets to : coideloko, chroot-, xtc , M|ght, exitus,
overkill, blood_sucker, lkm, Brother
execk, printf, heap, diguin, n4rfy(nordico :ppp) and
all friends of Priv8 security.

OBS. My english sux...
------------------------------------------------------------------------------------------------------------------

 Ok, our goal is to get root by exploiting ml85p thats
suid root by default on mdk 9.0


What Priv8 Security neglected to mention in their advisory is that a fix has
been available since January 21st; the advisory is available here:

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:010

-- 
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD}

Attachment: _bin
Description:

Current thread:

Mandrake 9.0 local root exploit Priv8 Security (Feb 27)
- Re: Mandrake 9.0 local root exploit KF (Feb 28)
- Re: Mandrake 9.0 local root exploit Vincent Danen (Feb 28)