[colug-432] New root exploit code for CentOS

Rick Troth rmt at casita.net
Tue May 14 13:22:28 EDT 2013


> Not sure what is interesting about the ability to disable SELinux; you have root, game over.

With the right profiles, a major selling point of SELinux (as "we" use
it) is that it's *not* game over just because you got root.  (There
are other features of SELinux which are more interesting to the NSA
than they are to you and me.)

I'm not personally a fan, but I'm not using this as an opportunity to
jab at it ... or maybe I am.

-- R; <><




On Tue, May 14, 2013 at 1:00 PM, Neal Dias <roman at ensecure.org> wrote:
> Not sure what is interesting about the ability to disable SELinux; you have
> root, game over.
>
> RHEL 5 is not affected, RHEL 6 is, updated packages still in-process.
>
> https://access.redhat.com/security/cve/CVE-2013-2094
> https://bugzilla.redhat.com/show_bug.cgi?id=962792
>
> On Tue, May 14, 2013 at 12:33 PM, Joshua Kramer <joskra42.list at gmail.com>
> wrote:
>>
>> Hello,
>>
>> I recently saw this:
>>
>> https://www.centos.org/modules/newbb/viewtopic.php?topic_id=42827&forum=59
>>
>> Given a command prompt, download this exploit, compile it, run it... and
>> you suddenly have root.  What is interesting about this is, as soon as you
>> have root, you can disable SELinux.
>>
>> Apparently it can be mitigated using this kernel module:
>>
>> http://elrepo.org/tiki/kmod-tpe
>>
>> I spun up a test VM and tested this - it works!  What would be interesting
>> is doing some investigation to see if SELinux could prevent damage if this
>> code was run from a malicious web app instead of the command prompt.
>>
>> Also, I wonder if this works on Scientific Linux and other RHEL
>> derivatives, or RHEL itself?
>>
>> Cheers,
>> -JK



-- 
-- R;   <><

