[colug-432] New root exploit code for CentOS

Joshua Kramer joskra42.list at gmail.com
Tue May 14 12:33:30 EDT 2013


Hello,

I recently saw this:

https://www.centos.org/modules/newbb/viewtopic.php?topic_id=42827&forum=59

Given a command prompt, download this exploit, compile it, run it... and
you suddenly have root.  What is interesting about this is, as soon as you
have root, you can disable SELinux.

Apparently it can be mitigated using this kernel module:

http://elrepo.org/tiki/kmod-tpe

I spun up a test VM and tested this - it works!  What would be interesting
is doing some investigation to see if SELinux could prevent damage if this
code was run from a malicious web app instead of the command prompt.

Also, I wonder if this works on Scientific Linux and other RHEL
derivatives, or RHEL itself?

Cheers,
-JK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20130514/306f647c/attachment.html 


More information about the colug-432 mailing list