Really nasty Linux security bug
troy
fryman at sonic.net
Fri Oct 19 14:37:53 PDT 2001
On Fri, Oct 19, 2001 at 02:31:36PM -0700, E Frank Ball wrote:
> The ptrace problem is easily fixed. Log in as root and:
> chmod u-s /usr/bin/newgrp
Uhhhm, as I understand it the exploit requires a SUID binary. newgrp is
just a convenient helper, not the source of the problem.
-t
> On Fri, Oct 19, 2001 at 11:53:58AM -0700, Dustin Mollo wrote:
> } Hey all. For those that don't read slashdot all that often, check out this
> } email over on SecurityFocus.
> }
> } http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
> }
> } ObQuote:
> }
> } There are two bugs present in Linux kernels 2.2.x, x<=19 and 2.4.y, y<=9.
> } The first vulnerability results in local DoS. The second one, involving
> } ptrace, can be used to gain root privileges locally (in case of default
> } install of most popular distributions). Linux 2.0.x is not vulnerable to the
> } ptrace bug mentioned.
>
> The ptrace problem is easily fixed. Log in as root and:
> chmod u-s /usr/bin/newgrp
>
> II. Root compromise by ptrace(3)
> In order for this flaw to be exploitable, /usr/bin/newgrp must be
> setuid root and world-executable. Additionally, newgrp, when run with no
> arguments, should not prompt for password. These
> conditions are satisfied in case of most popular Linux distributions (but
> not Openwall GNU/*/Linux)
>
> --
>
> E Frank Ball efball at efball.com
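
Added example (not part of the original thread): a shell audit that lists files meeting the condition the quoted advisory gives for newgrp, setuid root and world-executable, so the result of `chmod u-s /usr/bin/newgrp` can be checked and any other binaries in the same state are visible. The function names and the optional owner argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit for the precondition named in the quoted advisory
# (setuid bit set, owned by root, world-executable). Not code from the thread.

# suid_world_exec DIR [OWNER]
# Print every regular file under DIR that has both the setuid bit and the
# other-execute bit set and is owned by OWNER (default: root).
# OWNER is a parameter only so the check can be exercised without root.
suid_world_exec() {
    dir=$1
    owner=${2:-root}
    # -perm -4001: all listed bits must be set (04000 setuid, 0001 other-exec)
    # -xdev: do not cross mount points, so run it once per local filesystem
    find "$dir" -xdev -type f -user "$owner" -perm -4001 -print 2>/dev/null | sort
}

# is_exposed FILE [OWNER]
# Exit status 0 if FILE itself still meets the condition, 1 otherwise.
is_exposed() {
    [ -n "$(find "$1" -prune -type f -user "${2:-root}" -perm -4001 -print 2>/dev/null)" ]
}

# Typical use after applying the chmod from the thread:
#   is_exposed /usr/bin/newgrp && echo "newgrp is still setuid root"
#   suid_world_exec /usr/bin      # what else is setuid root here
#   suid_world_exec /             # whole root filesystem
```

A file with mode 4750 is not listed, because without the other-execute bit it does not match the "world-executable" half of the condition.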