> -----Original Message-----
> From: SB CH [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 20, 2003 9:32 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: latest ptrace hole patch?
>
> Hello, list.
>
> I downloaded the hardlock patch too, like below.
> http://www.hardrock.org/kernel/2.4.20/linux-2.4.20-ptrace.patch
>
> But I can gain root privilege against this patched kernel too.
>
> Please test the exploit code which is at http://www.hack.co.za/
I tested the exploit previously posted to bugtraq (km3.c) by [EMAIL PROTECTED] against a variety of Linux machines (Slackware 8.0, Red Hat Linux 7.0, multiple Debian 3.0) and each one was exploitable when using the stock kernels.

I applied this same patch to two of my Debian 3.0 machines and recompiled their kernels. Neither appears vulnerable to this exploit now. With the patched kernels, running the above-mentioned exploit simply results in it repeatedly forking.

Unpatched Red Hat Linux 7.0 with stock kernel:

[EMAIL PROTECTED]:pts/1:~/security]$ ./km3
Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]>
=> Simple mode, executing /usr/bin/id > /dev/tty
sizeof(shellcode)=95
=> Child process started.+ 27934
uid=0(root) gid=0(root) groups=1002(jeremy)
- 27934 ok!
[EMAIL PROTECTED]:pts/1:~/security]$

Patched (using above patch) Debian Linux 3.0:

[EMAIL PROTECTED]:pts/0:~/security]$ ./km3
Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]>
=> Simple mode, executing /usr/bin/id > /dev/tty
sizeof(shellcode)=95
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started.
(^C issued at this point)
[EMAIL PROTECTED]:pts/0:~/security]$

I didn't test any exploit available at www.hack.co.za as I wasn't able to connect to that webserver for an unknown reason.

j.

--
Jeremy L. Gaddis <[EMAIL PROTECTED]> <http://www.gaddis.org>
