Bugtraq mailing list archives
Re: Local Root exploit (Fedora Core 4)
From: Joshua Bressers <bressers () redhat com>
Date: Thu, 23 Jun 2005 14:27:43 -0400
Local Root Exploit under Fedora Core 4 (stable) Advisory Florian Strankowski florian.s () bildunxxluecke de www.bildunxxluecke.de/usr/florian/advisory/advisory-05-048.txt Vulnerable System : This vulnerability affects Fedora Core 4.0 (stable) with the kernelversion 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:53:35 EDT 2005 (http://fedora.redhat.com) Vulnerability Title: pwned.c (originally and mods of it) Vulnerability discovery and development: Florian Strankowski discovered this Bug while trying to use a standard sys_uselib for gaining root previlegies under user enviroment in Fedora Core 4. The Bug leads to a poc of gaining access to the /root directory under the Fedora Core 4 System and maybe other ring-0 trees. Affected systems: - Fedora Core 4 (stable,maybe the following (not tested): testing 1, testing 2, testing 3) Vendor notified: Redhat Systems notified but did not publish fix
To my knowledge the Red Hat Security Response Team received no notification of this issue. Please feel free to send all security related information to security () redhat com. The bug the attached exploit tries to leverage has been assigned the name CAN-2004-1235 by MITRE and to my knowledge has been fixed in the 2.6.11 kernel. Since Fedora Core 4 contains a variant of the 2.6.11 kernel it should not be affected. I did compile then run the exploit with no success. If an aspect of this bug has not been correctly fixed, please feel free to contact the Red Hat Security Response Team at the above address. Thanks, Josh -- Josh Bressers // Red Hat Security Response Team
Current thread:
- Local Root exploit (Fedora Core 4) Florian Strankowski (fs) (Jun 23)
- Re: Local Root exploit (Fedora Core 4) Joshua Bressers (Jun 23)
- Re: Local Root exploit (Fedora Core 4) Paul Starzetz (Jun 27)