From: Christoph Kuhles (ck_at_aquatix.de)
Date: Mon 24 Mar 2003 - 19:07:16 GMT
Monday, March 24, 2003, 6:21:23 PM, you wrote:
LMS> I should have given the url to a working exploit on my original post.
LMS> So, here it is:
Hm, I don't seem to be able to exploit my own machines -

[ck_at_adjana ck]$ uname -a
Linux adjana.aquatix.de 2.4.19-aqx #4 Wed Jan 8 00:59:02 CET 2003 i686 i686 i386 GNU/Linux
[ck_at_adjana ck]$ ./km3
Linux kmod + ptrace local root exploit by <anszom_at_v-lo.krakow.pl>
=> Simple mode, executing /usr/bin/id > /dev/tty
=> Child process started.+ 11120
- 11120 ok!
uid=0(root) gid=0(root) groups=100(users)
[ck_at_adjana ck]$ whoami

/usr/bin/passwd is setuid root, the box runs 2.4.19 with ctx-15, ricmp
and patch-int from kerneli.org, /proc/sys/kernel/modprobe is set to
/sbin/modprobe. I really wonder why my machine is not vulnerable as I
didn't apply any patches for that. Also module support is enabled in
the running kernel.
Does anyone have details on what might have actually 'patched' my system
here? I'm kinda worried if there's any other exploit that might work
on my box, so I'd appreciate any advice.