[colug-432] New root exploit code for CentOS
Pat Collins
pat at linuxcolumbus.com
Tue May 14 12:48:15 EDT 2013
Replace xxxx with the correct four-letter word for the prize.
Pat
On Tue, 14 May 2013 12:41:39 -0400 Travis Sidelinger wrote:
The source code link seems to be down:
http://xxxxsheep.org/~sd/warez/semtex.c [1]
-Travis
On Tue, May 14, 2013 at 12:33 PM, Joshua Kramer wrote:
Hello, I recently saw this:
https://www.centos.org/modules/newbb/viewtopic.php?topic_id=42827&forum=59 [3]
Given a command prompt, download this exploit, compile it, run it... and you
suddenly have root. What is interesting about this is, as soon as you have
root, you can disable SELinux.
Apparently it can be mitigated using this kernel module:
http://elrepo.org/tiki/kmod-tpe [4]
I spun up a test VM and tested this - it works! What would be interesting is
doing some investigation to see if SELinux could prevent damage if this code
was run from a malicious web app instead of the command prompt.
Also, I wonder if this works on Scientific Linux and other RHEL derivatives,
or RHEL itself?
Cheers,
-JK
_______________________________________________
colug-432 mailing list
colug-432 at colug.net [5]
http://lists.colug.net/mailman/listinfo/colug-432 [6]
--
"A careful reading of history clearly demonstrates ...
that people don't read history carefully."
"We can't solve problems by using the same kind of thinking we used when we
created them."
--Albert Einstein
Links:
------
[1] http://xxxxsheep.org/%7Esd/warez/semtex.c
[2] mailto:joskra42.list at gmail.com
[3] https://www.centos.org/modules/newbb/viewtopic.php?topic_id=42827&forum=59
[4] http://elrepo.org/tiki/kmod-tpe
[5] mailto:colug-432 at colug.net
[6] http://lists.colug.net/mailman/listinfo/colug-432