Taeho Oh wrote:
> This is amd remote exploit code. This is well known bug in the internet.
> It's very critical bug, please upgrade am-utils or remove it.
> begin amd-ex.c
> ----------------------------------------------------------------------
> /* Amd Buffer Overflow for x86 linux
>
> Remote user can gain root access.
>
> Tested redhat linux : 4.0, 5.1, 6.0
> Tested am-utils version : 6.0
We finally got around to testing this exploit against a StackGuarded amd. StackGuard
stopped it,
producing this intrusion detection alert in syslog:
Oct 20 01:40:47 kryten amd[326]: Immunix type 1 Canary[0] = aff0d died with cadaver
bffff34d in
procedure real_plog.
For clarification, this test was performed against am-utils-6.0a16-4, which was NOT
patched against
the bug that this exploit attacks. This is the general point of StackGuard
protection: to defend you
against bugs that you do *not* know about or have *not* patched. You can get the
StackGuarded amd
here: http://immunix.org/StackGuard/RH52/RPMS/am-utils-6.0a16-4_SG12.i386.rpm
As usual, you can get StackGuard compiler and StackGuarded Linux systems at
http://immunix.org
Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
