Prevent Local Privilege Escalation for Econet Kernel Exploit


hard wyrd

Dec 8, 2010, 9:56:30 AM
to Open-ITLUG, Kagay-Anon Linux Users' Group (KLUG) Mailing List, linuxus...@googlegroups.com, ubunt...@googlegroups.com, Mailing List para sa Ubuntu Pilipinas (Philippines)
Hi All,

Linux kernel 2.6.37 and below with the Econet protocol compiled into the kernel is susceptible to local privilege escalation attacks. All it takes to get full root privilege is a local shell user account (non-root), access to GCC, and executing the exploit code.

For users using most distros with kernels 2.6.37 and below, Michael Meissner provided a temporary workaround by running the following:

echo 1 > /proc/sys/kernel/panic_on_oops

If the exploit code is being run or something triggers exploiting Econet, the kernel will go into panic instead of becoming exploitable.

The Econet problem was discovered by Nelson Elhage and was outlined in CVE-2010-4258, CVE-2010-3849, and CVE-2010-3850. The exploit code I was able to test out was provided by Dan Rosenberg and was verified to work on Ubuntu 10.04.

Michael Meissner verified that openSUSE 11.2 and 11.3 do not have ECONET compiled; openSUSE 11.1 has ECONET, but not the 0 ptr deref issue.

Hope this will help if you have VPSes, dedicated boxes, and local boxes.

Regards!


--
-------------------------------------------------------------
"Penguin, penguin, and more penguin !"

www.madforubuntu.com
baudizm.blogsome.com
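
An added example, not part of the original post: a shell audit for the workaround described above. It reports whether the kernel was built with Econet, whether panic_on_oops is on right now, and whether the setting will survive a reboot (the echo into /proc does not). The function names are hypothetical, and reading the build config from /boot/config-$(uname -r) and the persistent setting from /etc/sysctl.conf are assumptions about the distro layout.

```shell
#!/bin/sh
# Added example: audit a host for the panic_on_oops workaround.
# File paths are parameters so the checks can also run on copies of the files.

# Print y (built in), m (module) or n (not built) for CONFIG_ECONET.
econet_config() {
    case $(grep -E '^CONFIG_ECONET=' "$1" 2>/dev/null) in
        CONFIG_ECONET=y) echo y ;;
        CONFIG_ECONET=m) echo m ;;
        *) echo n ;;
    esac
}

# Succeed if the live sysctl file (normally /proc/sys/kernel/panic_on_oops) holds 1.
panic_on_oops_enabled() {
    val=$(cat "$1" 2>/dev/null) || return 1
    [ "$val" = 1 ]
}

# Succeed if a sysctl.conf-style file sets kernel.panic_on_oops = 1,
# so the workaround is reapplied at boot.
panic_on_oops_persistent() {
    grep -Eq '^[[:space:]]*kernel\.panic_on_oops[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$1" 2>/dev/null
}

# Verdict: exit 0 = not affected or fully mitigated,
#          exit 1 = mitigated until next reboot only, exit 2 = exposed.
audit_econet() {
    state=$(econet_config "$1")
    if [ "$state" = n ]; then
        echo "OK: CONFIG_ECONET not enabled in $1"
        return 0
    fi
    if ! panic_on_oops_enabled "$2"; then
        echo "EXPOSED: CONFIG_ECONET=$state and panic_on_oops is off"
        return 2
    fi
    if ! panic_on_oops_persistent "$3"; then
        echo "TEMPORARY: panic_on_oops is on but not set in $3"
        return 1
    fi
    echo "MITIGATED: CONFIG_ECONET=$state, panic_on_oops on and persistent"
}

# Run only when three paths are supplied on the command line.
if [ "$#" -eq 3 ]; then audit_econet "$@"; fi
```

On a live host, pass /boot/config-$(uname -r), /proc/sys/kernel/panic_on_oops and /etc/sysctl.conf as the three arguments.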