[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] NEW local exploit

Subject: RE: [cobalt-security] NEW local exploit
From: "Joe Llewelyn" <Joe@xxxxxxxx>
Date: Sun, 15 Apr 2001 15:06:40 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Surely posting the source on here would put most people on this list at
risk - hence the reason why he did not do it in the first place.

He should however contact Cobalt directly with the source itself, and not
ask them to contact him for it..

Joe


-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Adam
Sculthorpe
Sent: 15 April 2001 14:55
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] NEW local exploit



Have you posted this vulnerability to BUGTRAQ or any other sites?

I am happy for you to have discovered a 'nice' new vulnerability but without
either the source code or a full disclosure of what is happening your post
here is pretty useless.

Adam

*********** REPLY SEPARATOR  ***********

On 15/04/2001 at 15:31 Peter Batenburg wrote:

>Hello,
>
>Today i got a nice new local root exploit from a friend of mine. It gives
>local root in an instant with every kernel and setuid executable available
>(even 2.4)
>Proof:
>[host host]$ id
>uid=131(host) gid=100(users) groups=100(users),111(site-adm),119(site8)
>[host host]$ ./prak /usr/bin/crontab
>bug exploited successfully.
>enjoy!
>bash# id
>uid=0(root) gid=0(root) groups=100(users),111(site-adm),119(site8)
>bash#
>
>This is with a RaQ4r: Linux ********** 2.2.14C11 #2 Wed Jun 28 00:55:51
>PDT
>2000 i586 unknown
>
>On a RaQ3: Linux ******** 2.2.14C10 #3 Wed Jun 21 15:05:10 JST 2000 i586
>unknown
>
>[bb@***** bb]$ id
>uid=174(bb) gid=100(users) groups=100(users)
>[bb@***** bb]$ ./prak /usr/bin/crontab
>bug exploited successfully.
>enjoy!
>bash# id
>uid=0(root) gid=0(root) groups=100(users)
>bash#
>
>Hopefully cobalt will release a patched kernel within some weeks.
>People from cobalt can contact me for the source.
>
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security



_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

Follow-Ups:
- RE: [cobalt-security] NEW local exploit
  - From: Gossi The Dog

References:
- Re: [cobalt-security] NEW local exploit
  - From: Adam Sculthorpe

Prev by Date: Re: [cobalt-security] NEW local exploit
Next by Date: Re: [cobalt-security] NEW local exploit
Previous by thread: Re: [cobalt-security] NEW local exploit
Next by thread: RE: [cobalt-security] NEW local exploit

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index