Larry Nguyen wrote:
> In case anyone missed it from bugtraq. See the temporary solution at the end of the message.
>
> -Larry

Fake one. Don't run it!

>
> ------ Original Message ------
> Subject: Undisclosed Sudo Vulnerability ?
> To: bugtraq@securityfocus.com
> Date: Sat, 30 Jul 2005 12:40:23 -0600
>
>
> About two weeks ago, our proprietary LIDS detected some suspicious shell
> activity on an internal .mil machine I am in charge of. Our server runs
> latest up2date Debian GNU/Linux on 2.4.31 x86 with grsec/PaX enabled.
> Before shutting down the machine and reinstalling it from scratch, we
> installed sebek module to monitor all shell activity. Based on the data
> we gathered, it seems the attacker gained root privileges using an
> undisclosed bug in latest sudo.
>
> ...
>
> $ cat sudoh.c
> /*
>  * off by one ebp overwrite in sudo prompt parsing func (bground mode only)
>  *
>  * "y0, don't abuse this priv8 exploit to rm boxes. k,thx" - Richard Johnson
>  *
>  * gcc -pipe -o sudoh sudoh.c ; ./sudoh
>  *
>  * happy deathday route
>  *
>  */

_______________________________________________
VietLUG-users mailing list
VietLUG-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vietlug-users