Gentoo Forums
Linux Ptrace Exploit
CRC
Tux's lil' helper


Joined: 30 Mar 2003
Posts: 90
Location: Dallas, TX, USA

Posted: Sun Mar 30, 2003 2:54 am    Post subject: Linux Ptrace Exploit

The recent Gentoo security alert about this exploit says that it is not remotely accessible. This is not entirely true. Many systems allow FTP access to update a website. If that website has CGI access, you effectively have a remote user. It's very easy to compile an exploit to take advantage of this security hole, and upload it to a web site via FTP with a little Perl wrapper that gives you a web-based shell. It only took me about 15 minutes to do it.

Also, the version of this exploit that I have makes itself SUID ROOT as soon as it runs. This means that even after you patch your kernel, you better make sure this thing isn't on your system already, because it will continue to run. I'd suggest you use find or something to make a list of all your SUID ROOT files.

That said, the grsecurity option in the Gentoo kernels WILL prevent you from being exploited. However, it also leaves the attacking application spinning in a deadlock eating up CPU, but you already have "ulimit" set on your users to stop this from being an issue, and Nagios or something set to notify you when an application is eating up all your idle time, right?

-- Evan
_________________
Unix/Linux Consulting & Hosting
We Support Gentoo!
http://CoolRunningConcepts.com

Freenode: Taro!
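
The SUID root inventory suggested in the post, written out as an added example that is not part of the original post. It lists setuid files owned by root and flags any that sit outside the usual system binary directories, such as a web root or a home directory. The function name `audit_suid` and the `TRUSTED_DIRS` list are assumptions to adjust for the local system.

```shell
#!/bin/sh
# Added example: inventory of setuid files, flagging unexpected locations.

# Directories where a distribution normally installs setuid-root binaries.
# Assumption: adjust this list to match the local system.
TRUSTED_DIRS="/bin /sbin /usr/bin /usr/sbin /usr/lib /usr/libexec"

# audit_suid ROOT [OWNER]
# Prints one line per setuid file owned by OWNER (default: root):
#   "OK <path>"       file is under one of TRUSTED_DIRS
#   "SUSPECT <path>"  file is anywhere else (web root, /home, /tmp, ...)
audit_suid() {
    root=${1:-/}
    owner=${2:-root}
    # -xdev        stay on the starting filesystem (skips /proc, NFS, ...)
    # -perm -4000  setuid bit is set
    find "$root" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        status=SUSPECT
        for d in $TRUSTED_DIRS; do
            case "$f" in
                "$d"/*) status=OK ;;
            esac
        done
        printf '%s %s\n' "$status" "$f"
    done
}

# Typical use, run as root once per mounted filesystem:
#   audit_suid / root | sort > /root/suid-baseline.txt
#   audit_suid / root | grep '^SUSPECT'
```

Saving the sorted output as a baseline and diffing later runs against it shows any setuid file that appeared since the last check, including ones inside the trusted directories.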