[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAExQ7u+2Nbp5LdgHXb9YzSN9WhcyWN3wFFsf32663tsYkYTEEw@mail.gmail.com>
Date: Thu, 21 Nov 2013 03:39:26 -0600
From: adam <iarethebest@...il.com>
To: steve jobs <job.steve@...l.com>
Cc: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>,
"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
support@...erva.com, sales@...erva.com
Subject: Re: Imperva WAF/DAF 9.5 patch8 and 10.0 patch 2
localroot vulnerability
Holy shit you guys, a ghost.
On Wed, Nov 20, 2013 at 9:12 AM, steve jobs <job.steve@...l.com> wrote:
> Imperva use hardened centos 5.4 to run Web Application Firewall and
> Database Activity Monitoring product.
> It could be exploit to get root in the kernel 2.6.18-164.15.1.el5.imp4
> which was built by imperva in 9.5 patch 8 and 10.0 patch 2.
> I hope imperva could upgrade your OS to centos 5.9 with kernel 2.6.18-348
> to keep your system secure.
> Your can check the attachment for details.
>
> [test95p8@...AF ~]$ uname -a
> Linux GFWAF 2.6.18-164.15.1.el5.imp4 #1 SMP Mon Apr 8 15:29:20 IDT 2013
> x86_64 x86_64 x86_64 GNU/Linux
> [test95p8@...AF ~]$ cat /etc/redhat-release
> Imperva release 5.4 (Final)
> [test95p8@...AF ~]$ wc -l /etc/shadow
> wc: /etc/shadow: Permission denied
> [test95p8@...AF ~]$ id
> uid=505(test95p8) gid=507(test95p8) groups=507(test95p8)
> [test95p8@...AF ~]$ ./centos54_localroot_exp
> ########snip##############
> sh-3.2# id
> uid=0(root) gid=507(test95p8) groups=507(test95p8)
> sh-3.2# wc -l /etc/shadow
> 40 /etc/shadow
> sh-3.2#
>
> [root@WAF ~]# impctl platform show 2> /dev/null | grep version
> version 10.0.0.2_0
> [root@WAF ~]# uname -a
> Linux WAF 2.6.18-164.15.1.el5.imp4 #1 SMP Mon Apr 8 15:29:20 IDT 2013
> x86_64 x86_64 x86_64 GNU/Linux
> [root@WAF ~]# cat /etc/redhat-release
> Imperva release 5.4 (Final)
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists