On Thu, Jul 13, 2006 at 09:57:05PM -0700, Kyle Lutze wrote:
it seems that this relies on /etc/cron.d being there? or is it specific
to a crond? I use fcron which doesn't use /etc/cron.d and I have been
unable to get the exploit to successfully work. 2.6.14 kernel
sh: /tmp/sh: No such file or
hi,
setting 750 on /etc/cron.* would stop this exploit
/lars
if ( !( child = fork() )) {
    chdir("/etc/cron.d");
    prctl(PR_SET_DUMPABLE, 2);
    sleep(200);
    exit(1);
}
___
Full-Disclosure - We believe in it.
On 7/13/06, lars brun nielsen [EMAIL PROTECTED] wrote:
hi,
setting 750 on /etc/cron.* would stop this exploit
Incorrect. Did you even try this on ONE vulnerable box? The
vulnerability exists BECAUSE the kernel doesn't enforce directory
Matt Murphy wrote:
If you actually bothered to read ANY of the vendor advisories on this issue, you'd know why. The vulnerability exists because the kernel DOES NOT VERIFY write permissions to core dump directories. If your
users actually have write permissions to /etc/cron.d, do the world a favor
On Thu, 13 Jul 2006, Matthew Murphy wrote:
setting 750 on /etc/cron.* would stop this exploit
Incorrect. Did you even try this on ONE vulnerable box? The
vulnerability exists BECAUSE the kernel doesn't enforce directory
permissions when writing a core dump.
You cannot chdir to (or access a
Michal Zalewski wrote:
On Thu, 13 Jul 2006, Matthew Murphy wrote:
setting 750 on /etc/cron.* would stop this exploit
Incorrect. Did you even try this on ONE vulnerable box? The
vulnerability exists BECAUSE the kernel doesn't enforce directory
permissions when writing a core dump.
You
Dear Matt,This is silly, you are a lying jigaboo. That is of course unless the machine you tested on was compiled with the CONFIG_ALLOW_MATT_MURPHY_TO_RUN_HIS_MOUTH_AND_CHDIR_INTO_NON_EXECUTABLE_DIRECTORIES option. This option hasn't been on by default in any distribution since Redhat
6.2 as far
it seems that this relies on /etc/cron.d being there? or is it specific
to a crond? I use fcron which doesn't use /etc/cron.d and I have been
unable to get the exploit to successfully work. 2.6.14 kernel
sh: /tmp/sh: No such file or directory
I'm running gentoo-sources without selinux or