On Sat, 2003-03-22 at 04:43, Markus Kolb wrote:
> Jon wrote:
>
> [...]
>
> >>
> >>Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]>
> >>
> >>=> Simple mode, executing /usr/bin/id > /dev/tty
> >>sizeof(shellcode)=95
> >>=> Child process started..........
> >>=> Child process started..........
>
> [...]
> >>
> >>Does this mean the patch I downloaded worked?
> >
> >
> > Yes.
> >
> > - Jon
>
> Mmh, well, I have a non-patched 2.4.19 and so there should be the bug.
> I've tried the k3m, too.
> In my environment it first told me that my kernel is attackable.
> I ran k3m a 2nd and 3rd time and it has only reported the "Child process
> started..." messages and produced child process zombies.

The exploit may need to start several child processes before one of them
obtains root privileges. If your kernel is vulnerable, you should get an
"ok!" message after a few attempts (usually works the second or third
time on my 2.4.20-k7 machine).

When run without arguments, the exploit just starts a process, checks
its privileges, then kills the processes. I have not noticed any zombie
processes after running the exploit - even after running it several
times. If you *do* want it to start some processes, there are
command-line options to do so.

> What is that? Is k3m buggy? Very strange...
>

Works great on my machine... unfortunately. ;)

- Jon