Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-14 Thread Jon Hart
On Thu, Jul 13, 2006 at 09:57:05PM -0700, Kyle Lutze wrote:
> it seems that this relies on /etc/cron.d being there? or is it specific
> to a crond? I use fcron which doesn't use /etc/cron.d and I have been
> unable to get the exploit to successfully work. 2.6.14 kernel
>
> sh: /tmp/sh: No such fil

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread Kyle Lutze
it seems that this relies on /etc/cron.d being there? or is it specific to a crond? I use fcron which doesn't use /etc/cron.d and I have been unable to get the exploit to successfully work. 2.6.14 kernel
sh: /tmp/sh: No such file or directory
I'm running gentoo-sources without selinux or anything

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread PERFECT . MATERIAL
Dear Matt,This is silly, you are a lying jigaboo. That is of course unless the machine you tested on was compiled with the CONFIG_ALLOW_MATT_MURPHY_TO_RUN_HIS_MOUTH_AND_CHDIR_INTO_NON_EXECUTABLE_DIRECTORIES option. This option hasn't been on by default in any distribution since Redhat 6.2 as far a

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread Matthew Murphy
Michal Zalewski wrote: On Thu, 13 Jul 2006, Matthew Murphy wrote: setting 750 on /etc/cron.* would stop this exploit Incorrect. Did you even try this on ONE vulnerable box? The vulnerability exists BECAUSE the kernel doesn't enforce directory permissions when writing a core dump. You canno

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread Michal Zalewski
On Thu, 13 Jul 2006, Matthew Murphy wrote:
>> setting 750 on /etc/cron.* would stop this exploit
> Incorrect. Did you even try this on ONE vulnerable box? The
> vulnerability exists BECAUSE the kernel doesn't enforce directory
> permissions when writing a core dump. You cannot chdir to (or acce

[Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread PERFECT . MATERIAL
Matt Murphy wrote:
> If you actually bothered to read ANY of the vendor advisories on this
> issue, you'd know why. The vulnerability exists because the kernel
> DOES NOT VERIFY write permissions to core dump directories. If your
> users actually have write permissions to /etc/cron.d, do the world a
> fav

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread Matthew Murphy
On 7/13/06, lars brun nielsen <[EMAIL PROTECTED]> wrote:
> hi, setting 750 on /etc/cron.* would stop this exploit
Incorrect. Did you even try this on ONE vulnerable box? The vulnerability exists BECAUSE the kernel doesn't enforce directory permi

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread lars brun nielsen
hi,
setting 750 on /etc/cron.* would stop this exploit
/lars
>
> if ( !( child = fork() )) {
>     chdir("/etc/cron.d");
>     prctl(PR_SET_DUMPABLE, 2);
>     sleep(200);
>     exit(1);