[colug-432] New root exploit code for CentOS
pat at linuxcolumbus.com
Tue May 14 12:48:15 EDT 2013
Replace xxxx with the correct four letter word for the prize.
On Tue, 14 May 2013 12:41:39 -0400 Travis Sidelinger wrote
The source code link seems to be down:
On Tue, May 14, 2013 at 12:33 PM, Joshua Kramer wrote:
Hello, I recently saw this:
Given a command prompt, download this exploit, compile it, run it... and you
suddenly have root. What is interesting about this is, as soon as you have
root, you can disable SELinux.
Apparently it can be mitigated using this kernel module:
I spun up a test VM and tested this - it works! What would be interesting is
doing some investigation to see if SELinux could prevent damage if this code
was run from a malicious web app instead of the command prompt.
Also, I wonder if this works on Scientific Linux and other RHEL derivatives,
or RHEL itself?
colug-432 mailing list
colug-432 at colug.net 
"A careful reading of history clearly demonstrates ...
that people don't read history carefully."
"We can't solve problems by using the same kind of thinking we used when we
 mailto:joskra42.list at gmail.com
 mailto:colug-432 at colug.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the colug-432