Re: Local Root exploit (Fedora Core 4)

[Joshua Bressers <bressers () redhat com>]

> Local Root Exploit under Fedora Core 4 (stable) Advisory
>
> Florian Strankowski
> florian.s () bildunxxluecke de
> www.bildunxxluecke.de/usr/florian/advisory/advisory-05-048.txt
>
> Vulnerable System :
>
> This vulnerability affects Fedora Core 4.0 (stable) with
> the kernelversion 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:53:35 EDT 2005
> (http://fedora.redhat.com)
>
> Vulnerability Title:
>
> pwned.c (originally and mods of it)
>
>
>
> Vulnerability discovery and development:
>
> Florian Strankowski discovered this Bug while trying to use
> a standard sys_uselib for gaining root previlegies under
> user enviroment in Fedora Core 4.
> The Bug leads to a poc of gaining access to the /root directory
> under the Fedora Core 4 System and maybe other ring-0 trees.
>
> Affected systems:
>
> - Fedora Core 4 (stable,maybe the following (not tested): testing 1, testing 
> 2, testing 3)
>
> Vendor notified:
>
>
> Redhat Systems notified but did not publish fix

To my knowledge the Red Hat Security Response Team received no notification
of this issue.  Please feel free to send all security related information
to security () redhat com.

The bug the attached exploit tries to leverage has been assigned the name
CAN-2004-1235 by MITRE and to my knowledge has been fixed in the 2.6.11
kernel.  Since Fedora Core 4 contains a variant of the 2.6.11 kernel it
should not be affected.  I did compile then run the exploit with no
success.  If an aspect of this bug has not been correctly fixed, please
feel free to contact the Red Hat Security Response Team at the above
address.

Thanks, Josh
-- 
Josh Bressers // Red Hat Security Response Team