[colug-432] New root exploit code for CentOS

Neal Dias roman at ensecure.org
Tue May 14 13:00:41 EDT 2013


Not sure what is interesting about the ability to disable SELinux; you have
root, game over.

RHEL 5 is not affected, RHEL 6 is, updated packages still in-process.

https://access.redhat.com/security/cve/CVE-2013-2094
https://bugzilla.redhat.com/show_bug.cgi?id=962792

On Tue, May 14, 2013 at 12:33 PM, Joshua Kramer <joskra42.list at gmail.com> wrote:

> Hello,
>
> I recently saw this:
>
> https://www.centos.org/modules/newbb/viewtopic.php?topic_id=42827&forum=59
>
> Given a command prompt, download this exploit, compile it, run it... and
> you suddenly have root.  What is interesting about this is, as soon as you
> have root, you can disable SELinux.
>
> Apparently it can be mitigated using this kernel module:
>
> http://elrepo.org/tiki/kmod-tpe
>
> I spun up a test VM and tested this - it works!  What would be interesting
> is doing some investigation to see if SELinux could prevent damage if this
> code was run from a malicious web app instead of the command prompt.
>
> Also, I wonder if this works on Scientific Linux and other RHEL
> derivatives, or RHEL itself?
>
> Cheers,
> -JK