Re: [cobalt-security] NEW local exploit
- Subject: Re: [cobalt-security] NEW local exploit
- From: "Adam Sculthorpe" <sculthorpe@xxxxxxxxxxxxx>
- Date: Sun, 15 Apr 2001 14:54:46 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Have you posted this vulnerability to BUGTRAQ or any other sites?
I am happy for you to have discovered a 'nice' new vulnerability, but without
either the source code or a full disclosure of what is happening, your post
here is pretty useless.
Adam
*********** REPLY SEPARATOR ***********
On 15/04/2001 at 15:31 Peter Batenburg wrote:
>Hello,
>
>Today I got a nice new local root exploit from a friend of mine. It gives
>local root in an instant with every kernel and setuid executable available
>(even 2.4).
>Proof:
>[host host]$ id
>uid=131(host) gid=100(users) groups=100(users),111(site-adm),119(site8)
>[host host]$ ./prak /usr/bin/crontab
>bug exploited successfully.
>enjoy!
>bash# id
>uid=0(root) gid=0(root) groups=100(users),111(site-adm),119(site8)
>bash#
>
>This is with a RaQ4r: Linux ********** 2.2.14C11 #2 Wed Jun 28 00:55:51 PDT 2000 i586 unknown
>
>On a RaQ3: Linux ******** 2.2.14C10 #3 Wed Jun 21 15:05:10 JST 2000 i586 unknown
>
>[bb@***** bb]$ id
>uid=174(bb) gid=100(users) groups=100(users)
>[bb@***** bb]$ ./prak /usr/bin/crontab
>bug exploited successfully.
>enjoy!
>bash# id
>uid=0(root) gid=0(root) groups=100(users)
>bash#
>
>Hopefully cobalt will release a patched kernel within some weeks.
>People from cobalt can contact me for the source.
>
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security