January 22nd, 2003, 08:27 PM
Linux Kernel Root Exploit
Just came across this HERE and thought id inform you guys who havent already updated those kernels, to do so, as any skiddie could get their hands on one of these automated scripts!
Linux Kernel Root Exploit affecting Linux kernels 2.2.19 and earlier in the 2.2.x series, and 2.4.9 and earlier in the 2.4.x series.
There are a few more exploits here also so happy reading and sleep well!
Some Linux kernels have vulnerabilities that can be exploited to gain root access and be used in a denial-of-service attack. It is reported that Linux kernels 2.2.19 and earlier in the 2.2.x series, and 2.4.9 and earlier in the 2.4.x series, are vulnerable.
The vulnerability that can be used to gain root permissions is exploited by ptrace and a set user id program. When it is exploited, arbitrary code will be executed with root permissions. A script to automate the exploit using the newgrp command has been released.
The denial-of-service attack is caused by making the kernel de-reference multiple symbolic links. The Linux Kernel version 2.4.10 has a partial fix for this vulnerability. A script has also been released that can be used to automate the denial-of-service attack.
It is recommended that affected users upgrade their Linux kernel to version 2.4.12 or a patched version of the 2.2.x kernel as soon as possible. At the time of this writing, it had been reported that updated packages had been released by Caldera, Red Hat, EnGarde Secure Linux, Trustix Secure Linux, and Immunix OS.