Re: sperl 5.00503 (and newer ;) exploit
daemon@ATHENA.MIT.EDU (Solar Designer)
Tue Aug 8 02:56:14 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <200008071749.VAA10072@false.com>
Date: Mon, 7 Aug 2000 21:49:26 +0400
Reply-To: Solar Designer <solar@FALSE.COM>
From: Solar Designer <solar@FALSE.COM>
X-To: paul.rogers@MIS-CDS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <A5EDA791B1C8D3119F8D006008CEC98F0B077C@itchy.miseurope.co.uk>
from Paul Rogers at "Aug 7, 0 10:29:24 am"
Hi,
> ii) RedHat 6.2 kernel 2.2.16 (P2 266 - 64Mb RAM) with OpenWall patches and
> many other security modifications - now running for over 2 hours and still
> no rootshell - load average of around 10.5 but the system is still usable.
Let me guess: you've placed the exploit script in /tmp? You didn't
have to.
> Or - install the OpenWall patches from www.openwall.com if you're running
> Linux - however please note that this theory requires further testing before
> the i's and t's can be dotted and crossed - no flames please. I shall
> continue to play with it and let the lists know the results.
My patch does nothing to prevent or make it harder to exploit this
kind of vulnerability. You should never rely on the "hardening"
features of the patch; they are not meant to be a "solution".
> IMHO, a lesson to be learnt regarding these local exploits is to audit local
> users on a regular basis to ensure where possible that only trusted users
> and/or valid accounts exist on a system.
More importantly, the same policy should apply to SUID/SGID files.
Signed,
Solar Designer
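The audit policy for SUID/SGID files that the reply recommends, carried out as a worked example that is not part of the original thread or of the Openwall project: a POSIX shell script that inventories setuid/setgid files under the given directories and compares that inventory against a baseline saved from a known-good system, so that a privileged binary that appears, disappears or changes owner shows up in a routine check. The function names suid_inventory and suid_audit, the baseline file layout and the directories in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original thread): routine SUID/SGID audit.
# Usage:  sh suid_audit.sh BASELINE DIR...
# Create BASELINE once on a trusted system with:  suid_inventory DIR... > BASELINE

# Print "path mode owner group" for every setuid or setgid regular file
# under the given directories, sorted by path so two runs compare cleanly.
# Only POSIX find/ls/sort are used; file names containing newlines are not handled.
suid_inventory() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    LC_ALL=C sort |
    while IFS= read -r f; do
        # mode, owner and group come from ls; the path comes from find so
        # that spaces in a file name cannot shift the fields we read
        set -- $(ls -ld "$f")
        printf '%s %s %s %s\n' "$f" "$1" "$3" "$4"
    done
}

# Compare a fresh inventory with the baseline file given as the first argument.
# Returns 0 when nothing changed, 1 when the set of privileged files differs
# (lines starting with '<' were in the baseline, '>' are present now).
suid_audit() {
    baseline="$1"; shift
    current=$(mktemp) || return 2
    suid_inventory "$@" > "$current"
    if diff "$baseline" "$current" > /dev/null; then
        rm -f "$current"
        return 0
    fi
    echo "SUID/SGID inventory differs from baseline $baseline:"
    diff "$baseline" "$current" | grep '^[<>]'
    rm -f "$current"
    return 1
}

# Run the audit when invoked with a baseline and at least one directory.
if [ "$#" -ge 2 ]; then
    suid_audit "$@"
fi
```

Storing the baseline outside the audited filesystem (or signing it) keeps an intruder who already has root from simply regenerating it; the script only detects a change, and the decision whether a new setuid file is legitimate still belongs to the administrator.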