Re: PTRACE Fixed?
On Sat, Mar 22, 2003 at 10:58:24AM -0800, Jon wrote: > On Sat, 2003-03-22 at 04:43, Markus Kolb wrote: > > Jon wrote: > > > > [...] > > > > >> > > >>Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > > >> > > >>=> Simple mode, executing /usr/bin/id > /dev/tty > > >>sizeof(shellcode)=95 > > >>=> Child process started.. > > >>=> Child process started.. > > > > [...] > > >> > > >>Does this mean the patch I downloaded worked? > > > > > > > > > Yes. > > > > > > - Jon > > > > Mmh, well, I have a non-patched 2.4.19 and so there should be the bug. > > I've tried the k3m, too. > > In my environment it first told me that my kernel is attackable. > > I ran k3m a 2nd and 3rd time and it has only reported the "Child process > > started..." messages and produced child process zombies. > probably a timeing issue, too. I guess km3 has problems on fast machines. Lars > > The exploit may need to start several child proceesses before one of > them obtains root priviledges. If your kernel is vulnerable, you should > get an "ok!" message after a few attempts (usually works the second or > third time on my 2.4.20-k7 machine). > > When run without arguments, the exploit just starts a process, checks > its priviledges, then kills the processes. I have not noticed any > zombie processes after running the exploit - even after running it > several times. If you *do* want it to start some processes, there are > command-line options to do so. > > > > What is that? Is k3m buggy? Very strange... > > > > Works great on my machine... unfortunately. ;) > > - Jon
Re: PTRACE Fixed?
On Sat, Mar 22, 2003 at 10:58:24AM -0800, Jon wrote: > On Sat, 2003-03-22 at 04:43, Markus Kolb wrote: > > Jon wrote: > > > > [...] > > > > >> > > >>Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > > >> > > >>=> Simple mode, executing /usr/bin/id > /dev/tty > > >>sizeof(shellcode)=95 > > >>=> Child process started.. > > >>=> Child process started.. > > > > [...] > > >> > > >>Does this mean the patch I downloaded worked? > > > > > > > > > Yes. > > > > > > - Jon > > > > Mmh, well, I have a non-patched 2.4.19 and so there should be the bug. > > I've tried the k3m, too. > > In my environment it first told me that my kernel is attackable. > > I ran k3m a 2nd and 3rd time and it has only reported the "Child process > > started..." messages and produced child process zombies. > probably a timeing issue, too. I guess km3 has problems on fast machines. Lars > > The exploit may need to start several child proceesses before one of > them obtains root priviledges. If your kernel is vulnerable, you should > get an "ok!" message after a few attempts (usually works the second or > third time on my 2.4.20-k7 machine). > > When run without arguments, the exploit just starts a process, checks > its priviledges, then kills the processes. I have not noticed any > zombie processes after running the exploit - even after running it > several times. If you *do* want it to start some processes, there are > command-line options to do so. > > > > What is that? Is k3m buggy? Very strange... > > > > Works great on my machine... unfortunately. ;) > > - Jon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [despammed] Re: PTRACE Fixed?
Saturday, March 22, 2003, 7:04:19 PM, Siegbert Baude (Siegbert) wrote: >> Here you'll find a kernel source tree patched against the PTrace bug: >> ftp://ftp.debian.org/debian/pool/main/k/kernel-source-2.4.20/kernel-sourc >> e-2.4.20_2.4.20-3woody.3_all.deb Siegbert> I always install my kernel-sources by hand, but out of curiosity, could I Siegbert> get this by means of apt? Those are not fixed, I believe. The fixed kernels are in the proposed updates for stable. --- | Eddie J Schwartz <[EMAIL PROTECTED]> http://www.m00.net | | AIM: The Cypher ICQ: 35576339 YHOO: edmcman2 MSN:[EMAIL PROTECTED] | | SMS: [EMAIL PROTECTED] "We Trills have an expression-- | | at forty, you think you know everything. At four hundred | | hundred, you realize you know nothing." - Dax, ST-DS9 | ---
Re: PTRACE Fixed?
Hi, Here you'll find a kernel source tree patched against the PTrace bug: ftp://ftp.debian.org/debian/pool/main/k/kernel-source-2.4.20/kernel-sourc e-2.4.20_2.4.20-3woody.3_all.deb I always install my kernel-sources by hand, but out of curiosity, could I get this by means of apt? # apt-cache search kernel-source kernel-source-2.2.22 - Linux kernel source for version 2.2.22 kernel-source-2.4.10 - Linux kernel source for version 2.4.10 kernel-source-2.4.14 - Linux kernel source for version 2.4.14 kernel-source-2.4.16 - Linux kernel source for version 2.4.16 kernel-source-2.4.17 - Linux kernel source for version 2.4.17 kernel-source-2.4.17-hppa - Linux kernel source for version 2.4.17 on HPPA kernel-source-2.4.17-ia64 - Linux kernel source for version 2.4.17 on IA-64 kernel-source-2.4.18 - Linux kernel source for version 2.4.18 kernel-source-2.4.18-hppa - Linux kernel source for version 2.4.18 on HPPA freeswan - IPSEC utilities for FreeSWan # Why ist the above mentioned package not listed in apt-cache? If I would apt-get install some-available-debian-kernel-source-package, would this imply any security patches or just the unpatched stock kernel-sources? The output of apt-cache, doesn't indicate this. Ciao Siegbert
Re: PTRACE Fixed?
* Matteo Moro <[EMAIL PROTECTED]> wrote: > "Laurent Tickle" <[EMAIL PROTECTED]> wrote: > > [...] a patch who work on Kernel 2.2.X and 2.4.X ;) > > It's 2.4.20 only... :-P That bug was the reason why 2.2.25 was released.
Re: PTRACE Fixed?
Thanks, but I have updated my Kernel to 2.2.25 + patch and the bug don't seem to work. - Original Message - From: "Matteo Moro" <[EMAIL PROTECTED]> To: Sent: Saturday, March 22, 2003 8:11 PM Subject: Re: PTRACE Fixed? > On Sat, 22 Mar 2003 17:49:55 +0100 > "Laurent Tickle" <[EMAIL PROTECTED]> wrote: > > > > [...] patch for the PTrace bug ? > > > Here you'll find a kernel source tree patched against the PTrace bug: > ftp://ftp.debian.org/debian/pool/main/k/kernel-source-2.4.20/kernel-source-2 .4.20_2.4.20-3woody.3_all.deb > > > > > [...] a patch who work on Kernel 2.2.X and 2.4.X ;) > > > It's 2.4.20 only... :-P > > ciao. > TeO:-) > > -- > TeO:-) ... ICQ#91902715 > http://www.matteomoro.net/ > "Il 90% dei problemi di un PC > sta tra la tastiera e la sedia" > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.463 / Virus Database: 262 - Release Date: 17/03/2003
Re: [despammed] Re: PTRACE Fixed?
Saturday, March 22, 2003, 7:04:19 PM, Siegbert Baude (Siegbert) wrote: >> Here you'll find a kernel source tree patched against the PTrace bug: >> ftp://ftp.debian.org/debian/pool/main/k/kernel-source-2.4.20/kernel-sourc >> e-2.4.20_2.4.20-3woody.3_all.deb Siegbert> I always install my kernel-sources by hand, but out of curiosity, could I Siegbert> get this by means of apt? Those are not fixed, I believe. The fixed kernels are in the proposed updates for stable. --- | Eddie J Schwartz <[EMAIL PROTECTED]> http://www.m00.net | | AIM: The Cypher ICQ: 35576339 YHOO: edmcman2 MSN:[EMAIL PROTECTED] | | SMS: [EMAIL PROTECTED] "We Trills have an expression-- | | at forty, you think you know everything. At four hundred | | hundred, you realize you know nothing." - Dax, ST-DS9 | --- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
Hi, Here you'll find a kernel source tree patched against the PTrace bug: ftp://ftp.debian.org/debian/pool/main/k/kernel-source-2.4.20/kernel-sourc e-2.4.20_2.4.20-3woody.3_all.deb I always install my kernel-sources by hand, but out of curiosity, could I get this by means of apt? # apt-cache search kernel-source kernel-source-2.2.22 - Linux kernel source for version 2.2.22 kernel-source-2.4.10 - Linux kernel source for version 2.4.10 kernel-source-2.4.14 - Linux kernel source for version 2.4.14 kernel-source-2.4.16 - Linux kernel source for version 2.4.16 kernel-source-2.4.17 - Linux kernel source for version 2.4.17 kernel-source-2.4.17-hppa - Linux kernel source for version 2.4.17 on HPPA kernel-source-2.4.17-ia64 - Linux kernel source for version 2.4.17 on IA-64 kernel-source-2.4.18 - Linux kernel source for version 2.4.18 kernel-source-2.4.18-hppa - Linux kernel source for version 2.4.18 on HPPA freeswan - IPSEC utilities for FreeSWan # Why ist the above mentioned package not listed in apt-cache? If I would apt-get install some-available-debian-kernel-source-package, would this imply any security patches or just the unpatched stock kernel-sources? The output of apt-cache, doesn't indicate this. Ciao Siegbert -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
* Matteo Moro <[EMAIL PROTECTED]> wrote: > "Laurent Tickle" <[EMAIL PROTECTED]> wrote: > > [...] a patch who work on Kernel 2.2.X and 2.4.X ;) > > It's 2.4.20 only... :-P That bug was the reason why 2.2.25 was released. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
Thanks, but I have updated my Kernel to 2.2.25 + patch and the bug don't seem to work. - Original Message - From: "Matteo Moro" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 22, 2003 8:11 PM Subject: Re: PTRACE Fixed? > On Sat, 22 Mar 2003 17:49:55 +0100 > "Laurent Tickle" <[EMAIL PROTECTED]> wrote: > > > > [...] patch for the PTrace bug ? > > > Here you'll find a kernel source tree patched against the PTrace bug: > ftp://ftp.debian.org/debian/pool/main/k/kernel-source-2.4.20/kernel-source-2 .4.20_2.4.20-3woody.3_all.deb > > > > > [...] a patch who work on Kernel 2.2.X and 2.4.X ;) > > > It's 2.4.20 only... :-P > > ciao. > TeO:-) > > -- > TeO:-) ... ICQ#91902715 > http://www.matteomoro.net/ > "Il 90% dei problemi di un PC > sta tra la tastiera e la sedia" > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.463 / Virus Database: 262 - Release Date: 17/03/2003 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
On Sat, 22 Mar 2003 17:49:55 +0100 "Laurent Tickle" <[EMAIL PROTECTED]> wrote: > > [...] patch for the PTrace bug ? > Here you'll find a kernel source tree patched against the PTrace bug: ftp://ftp.debian.org/debian/pool/main/k/kernel-source-2.4.20/kernel-source-2.4.20_2.4.20-3woody.3_all.deb > > [...] a patch who work on Kernel 2.2.X and 2.4.X ;) > It's 2.4.20 only... :-P ciao. TeO:-) -- TeO:-) ... ICQ#91902715 http://www.matteomoro.net/ "Il 90% dei problemi di un PC sta tra la tastiera e la sedia"
Re: PTRACE Fixed?
On Sat, 2003-03-22 at 04:43, Markus Kolb wrote: > Jon wrote: > > [...] > > >> > >>Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > >> > >>=> Simple mode, executing /usr/bin/id > /dev/tty > >>sizeof(shellcode)=95 > >>=> Child process started.. > >>=> Child process started.. > > [...] > >> > >>Does this mean the patch I downloaded worked? > > > > > > Yes. > > > > - Jon > > Mmh, well, I have a non-patched 2.4.19 and so there should be the bug. > I've tried the k3m, too. > In my environment it first told me that my kernel is attackable. > I ran k3m a 2nd and 3rd time and it has only reported the "Child process > started..." messages and produced child process zombies. The exploit may need to start several child proceesses before one of them obtains root priviledges. If your kernel is vulnerable, you should get an "ok!" message after a few attempts (usually works the second or third time on my 2.4.20-k7 machine). When run without arguments, the exploit just starts a process, checks its priviledges, then kills the processes. I have not noticed any zombie processes after running the exploit - even after running it several times. If you *do* want it to start some processes, there are command-line options to do so. > What is that? Is k3m buggy? Very strange... > Works great on my machine... unfortunately. ;) - Jon
Re: PTRACE Fixed?
On Sat, Mar 22, 2003 at 05:49:55PM +0100, Laurent Tickle wrote: > Hello, > > Were I can find a patch for the PTrace bug ? > Because i'm searching for a patch who work on Kernel 2.2.X and 2.4.X ;) Well for 2.2.x Alan Cox released 2.2.25 wich includes only the ptrace patch. For 2.4.x several patches circulated on the lkml [1] and I heard about a offical bitkeeper generated patch on kernel.org. Sven [1] http://www.uwsg.indiana.edu/hypermail/linux/kernel/0303.2/0226.html -- It really sucks to give your heart to a girl You want to know her like she knows the whole world But 10 seconds in, it's obvious, your going nowhere... [Bowling for Soup - Drunk Enough To Dance - I Don't Wanna Rock]
Re: PTRACE Fixed?
http://www.kernel.org/pub/linux/kernel/v2.4/testing/cset/cset-1.1076.txt The patch is for 2.2.24 or 2.4.20. I tried applying it on 2.4.18 but the patch seems to barf :) On Sat, 22 Mar 2003 at 05:49:55PM +0100, Laurent Tickle wrote: > Hello, > > Were I can find a patch for the PTrace bug ? > Because i'm searching for a patch who work on Kernel 2.2.X and 2.4.X ;) > > thanks > > - Original Message - > From: "Jacek Sobczak" <[EMAIL PROTECTED]> > To: "Debian Security" > Sent: Saturday, March 22, 2003 5:15 PM > Subject: Re: PTRACE Fixed? > > > Dnia sob 22. marzec 2003 10:03, LeVA napisa?: > > Hello! > > > > Is the 2.4.20 kernel vulnerable to this exploit? > > yes > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.463 / Virus Database: 262 - Release Date: 17/03/2003 > > > -- Phil PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #76: Budget cuts
Re: PTRACE Fixed?
On Sat, 22 Mar 2003 17:49:55 +0100 "Laurent Tickle" <[EMAIL PROTECTED]> wrote: > > [...] patch for the PTrace bug ? > Here you'll find a kernel source tree patched against the PTrace bug: ftp://ftp.debian.org/debian/pool/main/k/kernel-source-2.4.20/kernel-source-2.4.20_2.4.20-3woody.3_all.deb > > [...] a patch who work on Kernel 2.2.X and 2.4.X ;) > It's 2.4.20 only... :-P ciao. TeO:-) -- TeO:-) ... ICQ#91902715 http://www.matteomoro.net/ "Il 90% dei problemi di un PC sta tra la tastiera e la sedia" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
On Sat, 2003-03-22 at 04:43, Markus Kolb wrote: > Jon wrote: > > [...] > > >> > >>Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > >> > >>=> Simple mode, executing /usr/bin/id > /dev/tty > >>sizeof(shellcode)=95 > >>=> Child process started.. > >>=> Child process started.. > > [...] > >> > >>Does this mean the patch I downloaded worked? > > > > > > Yes. > > > > - Jon > > Mmh, well, I have a non-patched 2.4.19 and so there should be the bug. > I've tried the k3m, too. > In my environment it first told me that my kernel is attackable. > I ran k3m a 2nd and 3rd time and it has only reported the "Child process > started..." messages and produced child process zombies. The exploit may need to start several child proceesses before one of them obtains root priviledges. If your kernel is vulnerable, you should get an "ok!" message after a few attempts (usually works the second or third time on my 2.4.20-k7 machine). When run without arguments, the exploit just starts a process, checks its priviledges, then kills the processes. I have not noticed any zombie processes after running the exploit - even after running it several times. If you *do* want it to start some processes, there are command-line options to do so. > What is that? Is k3m buggy? Very strange... > Works great on my machine... unfortunately. ;) - Jon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
Hello, Were I can find a patch for the PTrace bug ? Because i'm searching for a patch who work on Kernel 2.2.X and 2.4.X ;) thanks - Original Message - From: "Jacek Sobczak" <[EMAIL PROTECTED]> To: "Debian Security" Sent: Saturday, March 22, 2003 5:15 PM Subject: Re: PTRACE Fixed? Dnia sob 22. marzec 2003 10:03, LeVA napisał: > Hello! > > Is the 2.4.20 kernel vulnerable to this exploit? yes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.463 / Virus Database: 262 - Release Date: 17/03/2003
Re: PTRACE Fixed?
On Sat, 22 Mar 2003 at 10:03:38AM +0100, LeVA wrote: > Hello! > > Is the 2.4.20 kernel vulnerable to this exploit? Since there is a patch explicitly written for it on kernel.org I would suppose it is...
Re: PTRACE Fixed?
Dnia sob 22. marzec 2003 10:03, LeVA napisał: > Hello! > > Is the 2.4.20 kernel vulnerable to this exploit? yes
Re: PTRACE Fixed?
On Sat, Mar 22, 2003 at 05:49:55PM +0100, Laurent Tickle wrote: > Hello, > > Were I can find a patch for the PTrace bug ? > Because i'm searching for a patch who work on Kernel 2.2.X and 2.4.X ;) Well for 2.2.x Alan Cox released 2.2.25 wich includes only the ptrace patch. For 2.4.x several patches circulated on the lkml [1] and I heard about a offical bitkeeper generated patch on kernel.org. Sven [1] http://www.uwsg.indiana.edu/hypermail/linux/kernel/0303.2/0226.html -- It really sucks to give your heart to a girl You want to know her like she knows the whole world But 10 seconds in, it's obvious, your going nowhere... [Bowling for Soup - Drunk Enough To Dance - I Don't Wanna Rock] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
http://www.kernel.org/pub/linux/kernel/v2.4/testing/cset/cset-1.1076.txt The patch is for 2.2.24 or 2.4.20. I tried applying it on 2.4.18 but the patch seems to barf :) On Sat, 22 Mar 2003 at 05:49:55PM +0100, Laurent Tickle wrote: > Hello, > > Were I can find a patch for the PTrace bug ? > Because i'm searching for a patch who work on Kernel 2.2.X and 2.4.X ;) > > thanks > > - Original Message - > From: "Jacek Sobczak" <[EMAIL PROTECTED]> > To: "Debian Security" <[EMAIL PROTECTED]> > Sent: Saturday, March 22, 2003 5:15 PM > Subject: Re: PTRACE Fixed? > > > Dnia sob 22. marzec 2003 10:03, LeVA napisa?: > > Hello! > > > > Is the 2.4.20 kernel vulnerable to this exploit? > > yes > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.463 / Virus Database: 262 - Release Date: 17/03/2003 > > > -- Phil PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #76: Budget cuts -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
Hello, Were I can find a patch for the PTrace bug ? Because i'm searching for a patch who work on Kernel 2.2.X and 2.4.X ;) thanks - Original Message - From: "Jacek Sobczak" <[EMAIL PROTECTED]> To: "Debian Security" <[EMAIL PROTECTED]> Sent: Saturday, March 22, 2003 5:15 PM Subject: Re: PTRACE Fixed? Dnia sob 22. marzec 2003 10:03, LeVA napisał: > Hello! > > Is the 2.4.20 kernel vulnerable to this exploit? yes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.463 / Virus Database: 262 - Release Date: 17/03/2003 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
On Sat, 22 Mar 2003 at 10:03:38AM +0100, LeVA wrote: > Hello! > > Is the 2.4.20 kernel vulnerable to this exploit? Since there is a patch explicitly written for it on kernel.org I would suppose it is... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
Dnia sob 22. marzec 2003 10:03, LeVA napisał: > Hello! > > Is the 2.4.20 kernel vulnerable to this exploit? yes -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
Jon wrote: [...] Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> => Simple mode, executing /usr/bin/id > /dev/tty sizeof(shellcode)=95 => Child process started.. => Child process started.. [...] Does this mean the patch I downloaded worked? Yes. - Jon Mmh, well, I have a non-patched 2.4.19 and so there should be the bug. I've tried the k3m, too. In my environment it first told me that my kernel is attackable. I ran k3m a 2nd and 3rd time and it has only reported the "Child process started..." messages and produced child process zombies. What is that? Is k3m buggy? Very strange...
Re: PTRACE Fixed?
Jon wrote: [...] Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> => Simple mode, executing /usr/bin/id > /dev/tty sizeof(shellcode)=95 => Child process started.. => Child process started.. [...] Does this mean the patch I downloaded worked? Yes. - Jon Mmh, well, I have a non-patched 2.4.19 and so there should be the bug. I've tried the k3m, too. In my environment it first told me that my kernel is attackable. I ran k3m a 2nd and 3rd time and it has only reported the "Child process started..." messages and produced child process zombies. What is that? Is k3m buggy? Very strange... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: PTRACE Fixed?
Hello! Is the 2.4.20 kernel vulnerable to this exploit? Phillip Hofmeister wrote: All, I just patched my kernel with the patch available on kernel.org. I downloaded, compiled and ran the km3.c exploit for this bug. How can I tell if the exploit failed or not? When I run the exploit as non-root it keeps starting children over and over again. When I run it as root it does the following: Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> => Simple mode, executing /usr/bin/id > /dev/tty sizeof(shellcode)=95 => Child process started.. => Child process started.+ 2131 uid=0(root) gid=0(root) groups=0(root) - 2131 ok! As non-root: Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> => Simple mode, executing /usr/bin/id > /dev/tty sizeof(shellcode)=95 => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. Does this mean the patch I downloaded worked? Thanks, smime.p7s Description: S/MIME Cryptographic Signature
Re: PTRACE Fixed?
On Fri, 2003-03-21 at 17:43, Phillip Hofmeister wrote: > When I run it as root it does the following: > > Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > > => Simple mode, executing /usr/bin/id > /dev/tty > sizeof(shellcode)=95 > => Child process started.. > => Child process started.+ 2131 > uid=0(root) gid=0(root) groups=0(root) > - 2131 ok! > > As non-root: > > Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > > => Simple mode, executing /usr/bin/id > /dev/tty > sizeof(shellcode)=95 > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > > > Does this mean the patch I downloaded worked? Yes. - Jon
Re: PTRACE Fixed?
Hello! Is the 2.4.20 kernel vulnerable to this exploit? Phillip Hofmeister wrote: All, I just patched my kernel with the patch available on kernel.org. I downloaded, compiled and ran the km3.c exploit for this bug. How can I tell if the exploit failed or not? When I run the exploit as non-root it keeps starting children over and over again. When I run it as root it does the following: Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> => Simple mode, executing /usr/bin/id > /dev/tty sizeof(shellcode)=95 => Child process started.. => Child process started.+ 2131 uid=0(root) gid=0(root) groups=0(root) - 2131 ok! As non-root: Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> => Simple mode, executing /usr/bin/id > /dev/tty sizeof(shellcode)=95 => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. => Child process started.. Does this mean the patch I downloaded worked? Thanks, smime.p7s Description: S/MIME Cryptographic Signature
Re: PTRACE Fixed?
On Fri, 2003-03-21 at 17:43, Phillip Hofmeister wrote: > When I run it as root it does the following: > > Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > > => Simple mode, executing /usr/bin/id > /dev/tty > sizeof(shellcode)=95 > => Child process started.. > => Child process started.+ 2131 > uid=0(root) gid=0(root) groups=0(root) > - 2131 ok! > > As non-root: > > Linux kmod + ptrace local root exploit by <[EMAIL PROTECTED]> > > => Simple mode, executing /usr/bin/id > /dev/tty > sizeof(shellcode)=95 > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > => Child process started.. > > > Does this mean the patch I downloaded worked? Yes. - Jon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]