Re: BugTraq Kernel 2.2.19

2001-10-22 Thread Florian Weimer

Kenneth Pronovici [EMAIL PROTECTED] writes:

> I can't make the ptrace exploit work on my 2.2.19 system... but I might
> be doing something wrong (I'm not quite sure what to expect).  I get:
>
>    attached
>    exec ./insert_shellcode 30505
>    execl: Operation not permitted

Since the bug is a race condition, it's possible that it is hard to
exploit.  Especially the exploit using newgrp is a bit fragile.
There's a different exploit using /bin/su, which is perhaps a bit more
reliable. See: 

   http://cert.uni-stuttgart.de/archive/bugtraq/2001/10/msg00153.html

-- 
Florian Weimer[EMAIL PROTECTED]
University of Stuttgart   http://cert.uni-stuttgart.de/
RUS-CERT  +49-711-685-5973/fax +49-711-685-5898


Re: BugTraq Kernel 2.2.19

2001-10-19 Thread Michael C. Alonzo

On Fri, Oct 19, 2001 at 05:13:19PM +0100, Niall Walsh wrote:
> Hi,
>
> I just discovered
>
> http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
>
> thanks to /. (so I'm sure more of you are aware of it).   I was just
> wondering if anyone can let me know how we discover when we are likely to
> see an update for the kernel on security.debian.org to patch this issue
> (there seems to be at least one potential patch available, though for the
> symlink exploit it does alter the spec of the system :-(   If the fix has
> appeared in the last few minutes since I apt-get update && apt-get
> dist-upgrade d my box congrats guys and sorry to bother you :-)
>
> With this bug receiving /. coverage and the exploit code available (as
> it should be, all in the open please) I think we need to ensure that
> Debian gets this covered asap before some MS lovers go writing code to
> exploit boxes just to prove that their boxes are as good as ours.
>
> Niall
 
 

I think Linus has already approved the patch. I'm not sure yet when it
will arrive, though.

-- 
When you have eliminated the impossible, 
whatever remains, however improbable,
must be the truth.
--Sherlock Holmes _The Sign of Four_






Re: BugTraq Kernel 2.2.19

2001-10-19 Thread Kenneth Pronovici

> I think Linus has already approved the patch. I'm not sure yet when it
> will arrive, though.

Yes, the email linked to by that /. posting:

   http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21

has attached to it the Linus-blessed 2.2.19 patch.

KEN

-- 
Kenneth J. Pronovici [EMAIL PROTECTED]
Personal Homepage: http://www.skyjammer.com/~pronovic/
I have zero tolerance for zero-tolerance policies.






Re: BugTraq Kernel 2.2.19

2001-10-19 Thread Rob VanFleet

On Fri, Oct 19, 2001 at 12:24:45PM -0500, Kenneth Pronovici wrote:
> > I think Linus has already approved the patch. I'm not sure yet when it
> > will arrive, though.
>
> Yes, the email linked to by that /. posting:
>
> http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
>
> has attached to it the Linus-blessed 2.2.19 patch.

Has anyone else noticed that the included exploit does not affect
2.2.19?  I tested it on one of my boxes and got the expected 'Operation
not permitted'.  Maybe I'm misunderstanding the problem, but I thought
that 2.2.19 took care of (well, hindered) the ptrace problems.

-Rob






Re: BugTraq Kernel 2.2.19

2001-10-19 Thread Kenneth Pronovici

> Has anyone else noticed that the included exploit does not affect
> 2.2.19?  I tested it on one of my boxes and got the expected 'Operation
> not permitted'.  Maybe I'm misunderstanding the problem, but I thought
> that 2.2.19 took care of (well, hindered) the ptrace problems.

I can't make the ptrace exploit work on my 2.2.19 system... but I might
be doing something wrong (I'm not quite sure what to expect).  I get:
   
   attached
   exec ./insert_shellcode 30505
   execl: Operation not permitted

The mklink.sh script definitely works as advertised.  If I use an argument
of 10, I'm dead in the water until the script finishes.

KEN

-- 
Kenneth J. Pronovici [EMAIL PROTECTED]
Personal Homepage: http://www.skyjammer.com/~pronovic/
I have zero tolerance for zero-tolerance policies.






Re: BugTraq Kernel 2.2.19

2001-10-19 Thread j. rivera



Hello,

I run Woody with 2.2.19 compiled from source, and the ptrace exploit worked
even with an older version of Openwall applied (scary...), but I snagged
fresh kernel source and the new Openwall patch, and it fails with the message
you receive ("execl: Operation not permitted.").

Regards,
Jovan Rivera
Email: [EMAIL PROTECTED]


Kenneth Pronovici wrote:

> > Has anyone else noticed that the included exploit does not affect
> > 2.2.19?  I tested it on one of my boxes and got the expected 'Operation
> > not permitted'.  Maybe I'm misunderstanding the problem, but I thought
> > that 2.2.19 took care of (well, hindered) the ptrace problems.
>
> I can't make the ptrace exploit work on my 2.2.19 system... but I might
> be doing something wrong (I'm not quite sure what to expect).  I get:
>
>    attached
>    exec ./insert_shellcode 30505
>    execl: Operation not permitted
>
> The mklink.sh script definitely works as advertised.  If I use an argument
> of 10, I'm dead in the water until the script finishes.
>
> KEN





