
Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg



On Fri, 27 Apr 2001, Dennis Koster wrote:

> On Thu, Apr 26, 2001 at 11:05:21AM -0700, shimi wrote:
> > If you'll read what's posted in the download page, they said the bugs of
> > the ptrace() and sysctl() functions have been fixed there.  If Cobalt
> > keeps their former way of deploying Linux, they manually tweak the kernel
> > to fit to what they need... so... it's not rootable.
> 
> If it's not rootable, may I have a shell on your box then?
> 
> small example (again)
> 
> <dennis@dedicated:dennis> uname -r
> 2.2.16C24_III
> <dennis@dedicated:dennis> id
> uid=180(dennis) gid=100(users) groups=100(users),10(wheel),111(site-adm),112(site1)
> <dennis@dedicated:dennis> ./epcs /usr/bin/gpasswd 
> bug exploited successfully.
> enjoy!
> bash# id
> uid=0(root) gid=0(root) groups=100(users),10(wheel),111(site-adm),112(site1)
> bash# 
> bash# cat /proc/cpuinfo | grep system     
> system type     : RaQ3/4
> 
> HTH HAND and give us a real kernel upgrade / patch!
> 

First, I sent that message BEFORE I got the mail with the exploit
from you.
Second, I know for myself that all below 2.2.19 are vuln, but, since I
know that cobalt modified the kernel source (they do that, for faster
communications, bandwidth management and some other stuff), and they SAID
they manually fixed that bug (I believe Jeff Lovell was the one who said
it) - so I thought they know what they're saying...

Still, the whole purpose of that kernel release was, according to the
downloads page, to fix those security issues. Perhaps they put the wrong
binary, who knows :)

Did you test the exploits of the two bugs?

- shimi.