[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] NEW local exploit

Subject: [cobalt-security] NEW local exploit
From: Peter Batenburg <peter@xxxxxxxxxx>
Date: Sun, 15 Apr 2001 15:31:27 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hello,

Today i got a nice new local root exploit from a friend of mine. It giveslocal root in an instant with every kernel and setuid executable available(even 2.4)

Proof:
[host host]$ id
uid=131(host) gid=100(users) groups=100(users),111(site-adm),119(site8)
[host host]$ ./prak /usr/bin/crontab
bug exploited successfully.
enjoy!
bash# id
uid=0(root) gid=0(root) groups=100(users),111(site-adm),119(site8)
bash#

This is with a RaQ4r: Linux ********** 2.2.14C11 #2 Wed Jun 28 00:55:51 PDT2000 i586 unknown

On a RaQ3: Linux ******** 2.2.14C10 #3 Wed Jun 21 15:05:10 JST 2000 i586unknown


[bb@***** bb]$ id
uid=174(bb) gid=100(users) groups=100(users)
[bb@***** bb]$ ./prak /usr/bin/crontab
bug exploited successfully.
enjoy!
bash# id
uid=0(root) gid=0(root) groups=100(users)
bash#

Hopefully cobalt will release a patched kernel within some weeks.
People from cobalt can contact me for the source.

Follow-Ups:
- Re: [cobalt-security] NEW local exploit
  - From: Adam Sculthorpe

Prev by Date: Re: [cobalt-security] oracle web site / database security
Next by Date: Re: [cobalt-security] NEW local exploit
Previous by thread: [cobalt-security] RE: Forcing secure login to Qube3?
Next by thread: Re: [cobalt-security] NEW local exploit

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index