lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060713031022.GL19843@spoofed.org>
Date: Thu Jul 13 04:10:53 2006
From: jhart at spoofed.org (Jon Hart)
Subject: Re: Linux Kernel 2.6.x PRCTL Core Dump Handling
	- Local r00t Exploit ( BID 18874 / CVE-2006-2451 )

On Thu, Jul 13, 2006 at 01:23:10AM +0300, Ariel Biener wrote:
> On Wednesday 12 July 2006 03:15, Roman Medina-Heigl Hernandez wrote:
> 
> Ignore my previous post, it does create a setuid bash version in /tmp/sh, the 
> reason it doesn't work is due to SELinux contexts.

This is an important note, IMO.   While the original advisory states
that only kernels >= 2.6.13 and <= 2.6.17.4 are vulnerable, it looks
like, somehow, the same vulnerable code is present in patched Redhat
kernels.  The previous poster had a 2.6.9 version, and I've just
verified that 2.6.9-11.ELsmp (provided with RH EL 4 update 1) is also
vulnerable.

If this is the case of backporting, this should come as no surprise.  If
it is not a backport issue, what vulnerability is being exploited on
these supposedly older kernels?

-jon

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ