Re: [Full-disclosure] Debian Development Machine "Gluck" Hacked - UPDATE

2006-07-13 Thread gboyce

On Thu, 13 Jul 2006, David Taylor wrote:

> Curious why Secunia is rating this as 'less critical'.  The way I see it,
> this exploit could be integrated into the other exploits for mambo, joomla,
> phpbb, etc.  Also, all of us that have websites hosted on linux machines
> that have a vulnerable kernel could get root?
>
> I'm thinking 'highly critical'?


Think of their scoring as a minimum rating.  Depending on the particular 
impact to your system, you may need to adjust appropriately.


I would consider this highly critical on any system that would provide 
shell access to customers, non-privileged employees, etc.  If a system has 
shell access restricted to just admins, I would care less about this 
vulnerability.  On systems like this I generally assume that if someone 
gets shell to the system as a non-privileged user they will eventually get 
root anyways.


--
Greg

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Debian Development Machine "Gluck" Hacked -UPDATE

2006-07-13 Thread Morning Wood



David Taylor wrote:

> Curious why Secunia is rating this as 'less critical'.  The way I see it,
> this exploit could be integrated into the other exploits for mambo, joomla,
> phpbb, etc.  Also, all of us that have websites hosted on linux machines
> that have a vulnerable kernel could get root?
>
> I'm thinking 'highly critical'?


considering the widespread use of that kernel,
yes

and yes, viable user=>root exploit can be obtained from a web app vuln. ( 
hacking 101 here kids ) 




Re: [Full-disclosure] Debian Development Machine "Gluck" Hacked - UPDATE

2006-07-13 Thread [EMAIL PROTECTED]




no ... the hacker used a previously hacked developer's account and he
used the fresh kernel bug to escalate to root privilege probably
because he had no access from the developer's account.. 
Read the story on debian.org

David Taylor wrote:

> Curious why Secunia is rating this as 'less critical'.  The way I see it,
> this exploit could be integrated into the other exploits for mambo, joomla,
> phpbb, etc.  Also, all of us that have websites hosted on linux machines
> that have a vulnerable kernel could get root?
>
> I'm thinking 'highly critical'?
>
> On 7/13/06 4:24 PM, "Morning Wood" <[EMAIL PROTECTED]> wrote:
>
>>> Debian Development Machine Hacked
>>> http://lists.debian.org/debian-devel-announce/2006/07/msg3.html
>>> or
>>> http://www.zone-h.org/content/view/13853/31/
>>
>> Confirmed hacked by:
>> Linux Kernel PRCTL Core Dump Handling Privilege Escalation Vulnerability
>>
>> http://www.debian.org/News/2006/20060713
>>
>> or
>>
>> http://www.zone-h.org/content/view/13853/31/  ( updated )

> ==
> David Taylor //Sr. Information Security Specialist
> University of Pennsylvania Information Security
> Philadelphia PA USA
> (215) 898-1236
> http://www.upenn.edu/computing/security/
> ==
>
> Penn Information Security RSS feed
> http://www.upenn.edu/computing/security/rss/rssfeed.xml
> Add link to your favorite RSS reader



begin:vcard
fn:Arnaud Dovi / Ind. Security Researcher
n:Dovi;Arnaud
email;internet:[EMAIL PROTECTED]
tel;work:Independent Security Researcher
version:2.1
end:vcard


Re: [Full-disclosure] Debian Development Machine "Gluck" Hacked - UPDATE

2006-07-13 Thread David Taylor
Curious why Secunia is rating this as 'less critical'.  The way I see it,
this exploit could be integrated into the other exploits for mambo, joomla,
phpbb, etc.  Also, all of us that have websites hosted on linux machines
that have a vulnerable kernel could get root?

I'm thinking 'highly critical'?



On 7/13/06 4:24 PM, "Morning Wood" <[EMAIL PROTECTED]> wrote:

> 
>> Debian Development Machine Hacked
>> http://lists.debian.org/debian-devel-announce/2006/07/msg3.html
>> or
>> http://www.zone-h.org/content/view/13853/31/
> 
> Confirmed hacked by:
> Linux Kernel PRCTL Core Dump Handling Privilege Escalation Vulnerability
> 
> http://www.debian.org/News/2006/20060713
> 
> or
> 
> http://www.zone-h.org/content/view/13853/31/  ( updated )
> 


==
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
==

Penn Information Security RSS feed
http://www.upenn.edu/computing/security/rss/rssfeed.xml
Add link to your favorite RSS reader





[Full-disclosure] Debian Development Machine "Gluck" Hacked - UPDATE

2006-07-13 Thread Morning Wood



Debian Development Machine Hacked
http://lists.debian.org/debian-devel-announce/2006/07/msg3.html
or
http://www.zone-h.org/content/view/13853/31/


Confirmed hacked by:
Linux Kernel PRCTL Core Dump Handling Privilege Escalation Vulnerability

http://www.debian.org/News/2006/20060713

or

http://www.zone-h.org/content/view/13853/31/  ( updated )
