lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 23 Jun 2005 14:27:43 -0400
From: Joshua Bressers <bressers@...hat.com>
To: "Florian Strankowski (fs)" <florian.s@...dunxxluecke.de>
Cc: bugtraq@...urityfocus.com
Subject: Re: Local Root exploit (Fedora Core 4)


> Local Root Exploit under Fedora Core 4 (stable) Advisory
> 
> Florian Strankowski
> florian.s@...dunxxluecke.de
> www.bildunxxluecke.de/usr/florian/advisory/advisory-05-048.txt
> 
> Vulnerable System :
> 
> This vulnerability affects Fedora Core 4.0 (stable) with
> the kernelversion 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:53:35 EDT 2005
> (http://fedora.redhat.com)
> 
> Vulnerability Title:
> 
> pwned.c (originally and mods of it)
> 
> 
> 
> Vulnerability discovery and development:
> 
> Florian Strankowski discovered this Bug while trying to use
> a standard sys_uselib for gaining root previlegies under
> user enviroment in Fedora Core 4.
> The Bug leads to a poc of gaining access to the /root directory
> under the Fedora Core 4 System and maybe other ring-0 trees.
> 
> Affected systems:
> 
> - Fedora Core 4 (stable,maybe the following (not tested): testing 1, testing 
> 2, testing 3)
> 
> Vendor notified:
> 
> 
> Redhat Systems notified but did not publish fix

To my knowledge the Red Hat Security Response Team received no notification
of this issue.  Please feel free to send all security related information
to security@...hat.com.

The bug the attached exploit tries to leverage has been assigned the name
CAN-2004-1235 by MITRE and to my knowledge has been fixed in the 2.6.11
kernel.  Since Fedora Core 4 contains a variant of the 2.6.11 kernel it
should not be affected.  I did compile then run the exploit with no
success.  If an aspect of this bug has not been correctly fixed, please
feel free to contact the Red Hat Security Response Team at the above
address.

Thanks, Josh
-- 
Josh Bressers // Red Hat Security Response Team

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ