[29100] in bugtraq
Re: Mandrake 9.0 local root exploit
daemon@ATHENA.MIT.EDU (Vincent Danen)
Fri Feb 28 18:02:55 2003
Date: Thu, 27 Feb 2003 17:08:35 -0700
From: Vincent Danen <vdanen@mandrakesoft.com>
To: Priv8 Security <xtc@priv8security.com>
Message-ID: <20030228000835.GN16238@mandrakesoft.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="AIVxJgaslCM/0U4c"
Content-Disposition: inline
In-Reply-To: <20030227214304.9023.qmail@www.securityfocus.com>
--AIVxJgaslCM/0U4c
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu Feb 27, 2003 at 09:43:04PM -0000, Priv8 Security wrote:
> -------------------------------------------------------------------------=
-----------------------------------------
> Priv8 Security - www.priv8security.com
> =20
> priv8mdk90.tar.gz - Mandrake 9.0 local root exploit
>=20
> Based on Idefense adv.
> http://www.idefense.com/advisory/01.21.03.txt
> =20
> Greets to : coideloko, chroot-, xtc , M|ght, exitus,
> overkill, blood_sucker, lkm, Brother
> execk, printf, heap, diguin, n4rfy(nordico :ppp) and
> all friends of Priv8 security.
>=20
> OBS. My english sux...
> -------------------------------------------------------------------------=
-----------------------------------------
>=20
> Ok, our goal is to get root by exploiting ml85p thats
> suid root by default on mdk 9.0
What Priv8 Security neglected to mention in their advisory is that a fix has
been available since January 21st; the advisory is available here:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=3DMDKSA-2003:=
010
--=20
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
--AIVxJgaslCM/0U4c
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iD8DBQE+XqiDIEPQ5f5vKv0RAoY7AJ9yGq1mv6i3jMWzVXrpV0yyj3huzQCfdJhn
XEILdTVUFsKRIRHyP0EHKII=
=wD9m
-----END PGP SIGNATURE-----
--AIVxJgaslCM/0U4c--
