01-24-2012, 04:11 AM
Jayesh Badwaik

Linux Local Privilege Escalation via SUID /proc/pid/mem Write

Hi,

I have just discovered this kernel exploit which allows a local user
to obtain root privileges. The detailed explanation is given at [1].
The patch has been apparently fixed in the kernel as of now (according
to the blog post), but that update has not yet come into archlinux.
And while /bin/su is fine and is not vulnerable to the exploit,
gpasswd is vulnerable and I am able to carry out the exploit on my
computer as of now, using the gpasswd program. The list of programs
that may be vulnerable is given by the following command

[user@localhost]$ for p in $(echo $PATH | tr ':' ' '); do find "$p" -perm -4005; done

which gives in my system the following list [3]

Not all of them work; /bin/su does not work, nor does ping.

Any news of any kind of update? By the way, here is the patch that is
available for the same [2].

[1] : http://blog.zx2c4.com/749

[2]: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc

[3]:
/usr/bin/kppp
/usr/bin/gpasswd
/usr/bin/rsh
/usr/bin/chsh
/usr/bin/chfn
/usr/bin/pkexec
/usr/bin/chage
/usr/bin/kwrited
/usr/bin/ksu
/usr/bin/Xorg
/usr/bin/newgrp
/usr/bin/rcp
/usr/bin/expiry
/usr/bin/passwd
/usr/bin/rlogin
/usr/bin/crontab
/bin/fusermount
/bin/traceroute6
/bin/ping6
/bin/umount
/bin/ping
/bin/mount
/bin/traceroute
/bin/su
/sbin/mount.cifs
/sbin/unix_chkpwd

--
-------------------------------------------------------
Cheers
Jayesh Vinay Badwaik
Electronics and Communication Engineering
VNIT, INDIA
-
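
An added example, not part of the original post: a more robust form of the PATH scan quoted above, for auditing which setuid binaries a host exposes. The function name `suid_in_path` is made up for this example, and it assumes GNU find and stat; unlike the post's one-liner it only looks at files directly inside each PATH directory.

```shell
# Added example: audit helper, not code from the original post.
# suid_in_path [PATH_STRING]
#   Prints "MODE OWNER FILE" for every regular file directly inside a
#   directory of the PATH-style string (default: $PATH) that matches
#   find's "-perm -4005": setuid bit set, plus world-read and world-execute.
# The body runs in a subshell, so the IFS and globbing changes do not leak.
suid_in_path() (
    path=${1-$PATH}
    seen=
    IFS=:
    set -f                      # split on ':' only, no pathname expansion
    for dir in $path; do
        # Skip empty entries and directories that do not exist.
        [ -d "$dir" ] || continue
        # Resolve symlinked directories (e.g. /bin -> /usr/bin) so each
        # physical directory is scanned and reported only once.
        real=$(cd "$dir" 2>/dev/null && pwd -P) || continue
        case ":$seen:" in
            *":$real:"*) continue ;;
        esac
        seen="$seen:$real"
        # Quoting "$real" keeps directory names with spaces intact.
        find "$real" -maxdepth 1 -type f -perm -4005 \
            -exec stat -c '%a %U %n' {} + 2>/dev/null
    done
)
```

Run without arguments it scans the current `$PATH`; the owner column shows which entries are setuid-root and therefore worth reviewing first.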
 

All times are GMT. The time now is 05:31 AM.