From: Nuno Silva (nuno.silva_at_vgertech.com)
Date: Mon 24 Mar 2003 - 20:00:29 GMT
Exploits nowadays are very sophisticated software; you must read
Btw, the exploit successfully got root in your box! (It spawned /bin/id)
Christoph Kuhles wrote:
> Monday, March 24, 2003, 6:21:23 PM, you wrote:
> LMS> I should have given the url to a working exploit on my original post.
> LMS> So, here it is:
> LMS> http://august.v-lo.krakow.pl/~anszom/km3.c
> Hm, I don't seem to be able to exploit my own machines -
> [ck_at_adjana ck]$ uname -a
> Linux adjana.aquatix.de 2.4.19-aqx #4 Wed Jan 8 00:59:02 CET 2003 i686 i686 i386 GNU/Linux
> [ck_at_adjana ck]$ ./km3
> Linux kmod + ptrace local root exploit by <anszom_at_v-lo.krakow.pl>
> => Simple mode, executing /usr/bin/id > /dev/tty
> => Child process started.+ 11120
> - 11120 ok!
> uid=0(root) gid=0(root) groups=100(users)
> [ck_at_adjana ck]$ whoami
> /usr/bin/passwd is setuid root, the box runs 2.4.19 with ctx-15, ricmp
> and patch-int from kerneli.org, /proc/sys/kernel/modprobe is set to
> /sbin/modprobe. I really wonder why my machine is not vulnerable as I
> didn't apply any patches for that. Also module support is enabled in
> the running kernel.
> Does anyone have details on what might have actually 'patched' my system
> here? I'm kinda worried if there's any other exploit that might work
> on my box, so I'd appreciate any advice.
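
As an added example (not part of the thread and not the exploit author's code), the following reads the transcript quoted above the way the reply suggests: it parses the `id` output line and reports when a command started by a non-root user ran with uid 0. The invoking uid of 500 and the function names are assumptions made for illustration.

```python
import re

# Program output copied from the quoted message above (shell prompt lines omitted).
TRANSCRIPT = """\
Linux kmod + ptrace local root exploit by <anszom_at_v-lo.krakow.pl>
=> Simple mode, executing /usr/bin/id > /dev/tty
=> Child process started.+ 11120
- 11120 ok!
uid=0(root) gid=0(root) groups=100(users)
"""

# id(1) prints: uid=N(name) gid=N(name) groups=N(name),N(name),...
ID_LINE = re.compile(
    r"^uid=(\d+)(?:\([^)]*\))?\s+gid=(\d+)(?:\([^)]*\))?(?:\s+groups=(\S+))?"
)
GROUP = re.compile(r"(\d+)(?:\([^)]*\))?")


def parse_id_line(line):
    """Parse one line of id(1) output; return None for any other line."""
    m = ID_LINE.match(line.strip())
    if not m:
        return None
    groups = [int(g.group(1)) for g in GROUP.finditer(m.group(3) or "")]
    return {"uid": int(m.group(1)), "gid": int(m.group(2)), "groups": groups}


def find_escalation(transcript, invoking_uid):
    """Return parsed id lines that show uid 0 although the caller was not root."""
    hits = []
    if invoking_uid == 0:
        return hits  # root running id as root tells us nothing
    for line in transcript.splitlines():
        ident = parse_id_line(line)
        if ident and ident["uid"] == 0:
            # In the transcript the supplementary groups list only 100(users),
            # so gid 0 is absent from them even though uid and gid are 0.
            ident["root_group_absent"] = 0 not in ident["groups"]
            hits.append(ident)
    return hits


if __name__ == "__main__":
    # invoking_uid=500 is a constructed value standing in for the unprivileged user.
    for hit in find_escalation(TRANSCRIPT, invoking_uid=500):
        print("command ran as root:", hit)
```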