Really nasty Linux security bug
E Frank Ball
frankb at efball.com
Fri Oct 19 14:31:36 PDT 2001
On Fri, Oct 19, 2001 at 11:53:58AM -0700, Dustin Mollo wrote:
} Hey all. For those that don't read slashdot all that often, check out this
} email over on SecurityFocus.
}
} http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
}
} ObQuote:
}
} There are two bugs present in Linux kernels 2.2.x, x<=19 and 2.4.y, y<=9.
} The first vulnerability results in local DoS. The second one, involving
} ptrace, can be used to gain root privileges locally (in case of default
} install of most popular distributions). Linux 2.0.x is not vulnerable to the
} ptrace bug mentioned.
The ptrace problem is easily fixed. Log in as root and:
chmod u-s /usr/bin/newgrp
II. Root compromise by ptrace(3)
In order for this flaw to be exploitable, /usr/bin/newgrp must be
setuid root and world-executable. Additionally, newgrp, when run with no
arguments, should not prompt for password. These
conditions are satisfied in case of most popular Linux distributions (but
not Openwall GNU/*/Linux)
--
E Frank Ball efball at efball.com
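An added example (not part of the original message or the quoted advisory): a shell audit that checks a host against the kernel ranges quoted above and confirms whether `chmod u-s /usr/bin/newgrp` has taken effect. The function names are hypothetical, `stat -c` assumes GNU coreutils or BusyBox, and the advisory's third condition (newgrp not prompting for a password) is not checked.

```shell
#!/bin/sh
# kernel_affected VERSION -> 0 if VERSION falls in the ranges quoted in the
# thread (2.2.x with x<=19, 2.4.y with y<=9), 1 otherwise.
kernel_affected() {
    ver=${1%%-*}                          # drop suffixes such as "-ac10"
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
    patch=${patch%%[!0-9]*}               # "19pre1" -> "19"
    [ -n "$patch" ] || return 1
    case "$major.$minor" in
        2.2) [ "$patch" -le 19 ] ;;
        2.4) [ "$patch" -le 9 ] ;;
        *)   return 1 ;;
    esac
}

# mode_exposed OCTAL_MODE OWNER_UID -> 0 if the file is setuid, owned by
# root and world-executable: the state the advisory requires of newgrp.
mode_exposed() {
    mode=$((0$1))                         # leading 0 makes the value octal
    [ "$2" -eq 0 ] && [ $((mode & 04000)) -ne 0 ] && [ $((mode & 0001)) -ne 0 ]
}

# report PATH KERNEL_VERSION -> prints one line per condition, never fails.
report() {
    if kernel_affected "$2"; then
        echo "kernel $2: in the quoted vulnerable ranges"
    else
        echo "kernel $2: not in the quoted vulnerable ranges"
    fi
    if [ ! -e "$1" ]; then
        echo "$1: not present"
    elif mode_exposed "$(stat -c %a "$1")" "$(stat -c %u "$1")"; then
        echo "$1: setuid root and world-executable (chmod u-s not applied)"
    else
        echo "$1: not setuid root and world-executable"
    fi
}

report /usr/bin/newgrp "$(uname -r)"
```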