[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?

To: suse-security@xxxxxxxx
Subject: Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?
From: Andreas <andreas@xxxxxxxxxxxxxxxx>
Date: Mon, 1 Dec 2003 11:36:34 -0200
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Mon, 01 Dec 2003 14:37:23 +0100
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <20031130004823.I7509@xxxxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <20031130004823.I7509@xxxxxxxxxxxxx>
User-agent: Mutt/1.5.5.1i

On Sun, Nov 30, 2003 at 12:48:23AM +0100, Olivier M. wrote:
> sh-2.05b# id
> uid=0(root2) gid=0(root) groups=500(nofiles)
> sh-2.05b# 
> Well... I thought that ptrace problem has been fixed... ? 
> (in suse 8.2 it's fine, the exploit is not working)

At least one of the exploits currently in the wild make the exploit
binary suid root after working for the first time. So, if you boot
an old kernel, run the exploit (it works), then boot the fixed kernel
and run the exploit again, you will get root again, but because of
the SUID root bit. You might want to check if this is not the case.

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Prev by Date: Re: [suse-security] Forward requests
Next by Date: [suse-security] IPTables and GRE Packets
Previous by thread: Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?
Next by thread: Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?
Index(es):
- Date
- Thread