From: Christoph Kuhles (ck_at_aquatix.de)
Date: Mon 24 Mar 2003 - 19:07:16 GMT


Hi,

Monday, March 24, 2003, 6:21:23 PM, you wrote:

LMS> I should have given the url to a working exploit on my original post.
LMS> So, here it is:
LMS> http://august.v-lo.krakow.pl/~anszom/km3.c

Hm, I don't seem to be able to exploit my own machines -

[ck_at_adjana ck]$ uname -a
Linux adjana.aquatix.de 2.4.19-aqx #4 Wed Jan 8 00:59:02 CET 2003 i686 i686 i386 GNU/Linux
[ck_at_adjana ck]$ ./km3
Linux kmod + ptrace local root exploit by <anszom_at_v-lo.krakow.pl>

=> Simple mode, executing /usr/bin/id > /dev/tty
sizeof(shellcode)=95
=> Child process started.+ 11120
- 11120 ok!
uid=0(root) gid=0(root) groups=100(users)
[ck_at_adjana ck]$ whoami
ck

/usr/bin/passwd is setuid root, the box runs 2.4.19 with ctx-15, ricmp
and patch-int from kerneli.org, /proc/sys/kernel/modprobe is set to
/sbin/modprobe. I really wonder why my machine is not vulnerable as I
didn't apply any patches for that. Also module support is enabled in
the running kernel.

Does anyone have details on what might have actually 'patched' my system
here? I'm kinda worried if there's any other exploit that might work
on my box, so I'd appreciate any advice.

Thanks,

Chris


Generated on Mon 24 Mar 2003 - 19:26:21 GMT by hypermail 2.1.3