Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

Bug in latest Linux gives untrusted users root access

[es] :: Advocacy :: Bug in latest Linux gives untrusted users root access

[ Pregleda: 2986 | Odgovora: 11 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16674
*.dip.t-dialin.net.



+7166 Profil

icon Bug in latest Linux gives untrusted users root access03.11.2009. u 23:14 - pre 174 meseci
Ajoj - jos malo null pointera :)

http://www.theregister.co.uk/2...03/linux_kernel_vulnerability/

Citat:

A software developer has uncovered a bug in most versions of Linux that could allow untrusted users to gain complete control over the open-source operating system.

The null pointer dereference flaw was only fixed in the upcoming 2.6.32 release candidate of the Linux kernel, making virtually all production versions in use at the moment vulnerable. While attacks can be prevented by implementing a common feature known as mmap_min_addr, the RHEL distribution, short for Red Hat Enterprise Linux, doesn't properly implement that protection, Brad Spengler, who discovered the bug in mid October, told The Register.

What's more, many administrators are forced to disable the feature so their systems can run developer tools or desktop environments such as Wine.

The vulnerability was first reported by Spengler, a developer at grsecurity, a maker of applications that enhance the security of Linux. On October 22, he wrote a proof of concept attack for the local root exploit. Over the past few months, he has emerged as an outspoken critic of security practices followed by the team responsible for the Linux kernel.


:-)

Mada je i naslov pogresan... nije "last Linux" - vec "svi" osim sledeceg :)

Citat:

Over the past few months, he has emerged as an outspoken critic of security practices followed by the team responsible for the Linux kernel.


Ovaj... kojih "security practices"? "Bazaar opreznost?" :-)



DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

mulaz
Ljubljana

Član broj: 47602
Poruke: 2239
*.dial-up.dsl.siol.net.

Jabber: mulaz@elitesecurity.org
Sajt: www.mulaz.org


+184 Profil

icon Re: Bug in latest Linux gives untrusted users root access03.11.2009. u 23:43 - pre 174 meseci
imho: Local privilige escallation < remote DoS (M$ smb2)
Bolje ispasti glup nego iz aviona
http://www.mulaz.org/
 
Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16674
*.dip.t-dialin.net.



+7166 Profil

icon Re: Bug in latest Linux gives untrusted users root access03.11.2009. u 23:48 - pre 174 meseci
Super, pretpostavljam kad neki user ima shell na nekom share-ovanom web ili sl... serveru, to je sve OK :-)

DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

mulaz
Ljubljana

Član broj: 47602
Poruke: 2239
*.dial-up.dsl.siol.net.

Jabber: mulaz@elitesecurity.org
Sajt: www.mulaz.org


+184 Profil

icon Re: Bug in latest Linux gives untrusted users root access03.11.2009. u 23:54 - pre 174 meseci
Citat:
The latest bug is mitigated by default on most Linux distributions, thanks to their correct implementation of the mmap_min_addr feature. But to make RHEL compatible with a larger body of applications, that distribution is vulnerable to attack even when the OS shows the feature is enabled, Spengler said.


znaci, prvo mora da bude RHEL (vise-manje)

drugo, za rhel su vec napravljeni patchi

jos uvek je lakse svim userima namestiti shell na /bin/nologin, popatchati server, i vratiti sve (naravno, web stranice su dostupne sve to vreme), negdo iskljuciti file server sa mreze (potpuno), i cekati da M$ popravi smb2, zato sto moze svako na mrezi da rusi server (a svi znamo kako je recimo na fakultetima i fakultetskim mrezama, gde je par stotina studenata stalno na mrezi, i na kraju nema sanse da se vidi ko je bio kriv, a i niko ne moze da izgubi posao zbog toga, i svima je dosadno :))
Bolje ispasti glup nego iz aviona
http://www.mulaz.org/
 
Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16674
*.dip.t-dialin.net.



+7166 Profil

icon Re: Bug in latest Linux gives untrusted users root access03.11.2009. u 23:57 - pre 174 meseci
A zasto ti pricas na ovoj temi o MS SMB-u? Imamo posebnu temu za to:

http://www.elitesecurity.org/t...t-Windows-iliti-SMB-gt-OPET-lt <- it to sam je ja postavio

Ne kontam, to sto Windows isto ima rupe treba da cini idiotarije sa null pointerima u Linux kernelu... manjim idiotarijama?

Takodje... osim RHEL-a, pise i:

Citat:

What's more, many administrators are forced to disable the feature so their systems can run developer tools or desktop environments such as Wine.


Doduse, nIje mi bas najjasnije zasto bi Wine trazio ovako nesto...
DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

mulaz
Ljubljana

Član broj: 47602
Poruke: 2239
*.dial-up.dsl.siol.net.

Jabber: mulaz@elitesecurity.org
Sajt: www.mulaz.org


+184 Profil

icon Re: Bug in latest Linux gives untrusted users root access04.11.2009. u 00:03 - pre 174 meseci
Ne razumem ni zasto bi neko na serveru terao wine :)
Bolje ispasti glup nego iz aviona
http://www.mulaz.org/
 
Odgovor na temu

combuster
Ivan Bulatovic
Kraljevo

Član broj: 151351
Poruke: 4563
93.86.6.*

Sajt: www.linuxsrbija.org


+104 Profil

icon Re: Bug in latest Linux gives untrusted users root access04.11.2009. u 00:28 - pre 174 meseci
https://lists.ubuntu.com/archi...tu-devel/2008-July/025774.html

http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html

http://www.linuxinsight.com/proc_sys_vm_mmap_min_addr.html

Znaci iskljucivo je u pitanju emulacija 16bit-nih aplikacija koje koristi 0.01% korisnika. I to na serveru? Cmon'...
make love - !war
 
Odgovor na temu

Ivan Dimkovic

Administrator
Član broj: 13
Poruke: 16674
*.dip.t-dialin.net.



+7166 Profil

icon Re: Bug in latest Linux gives untrusted users root access04.11.2009. u 09:27 - pre 174 meseci
Ne zaboravite RHEL :)
DigiCortex (ex. SpikeFun) - Cortical Neural Network Simulator:
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey
 
Odgovor na temu

EArthquake

Član broj: 20684
Poruke: 884
*.adsl.eunet.rs.



+67 Profil

icon Re: Bug in latest Linux gives untrusted users root access04.11.2009. u 09:28 - pre 174 meseci
hehe , cika spender opet :)

on je napisao i mali framework za exploitovanje null ptr deref bugova u linuxu
http://www.grsecurity.net/~spender/enlightenment.tgz
 
Odgovor na temu

Stator
System Administrator
Beograd

Član broj: 14552
Poruke: 257
*.adsl.eunet.rs.



+3 Profil

icon Re: Bug in latest Linux gives untrusted users root access04.11.2009. u 11:33 - pre 174 meseci
I RH je to zakrpio tako da problema nema.
http://rhn.redhat.com/errata/RHSA-2009-1548.html

Naravno onaj ko je koristio SElinux u enforce modu nema nicega da se plasi od starta.
 
Odgovor na temu

xtraya
Vladanko Vladanovic
Belgrado

Član broj: 323
Poruke: 1011
85.222.163.*

ICQ: 6072593


+49 Profil

icon Re: Bug in latest Linux gives untrusted users root access05.11.2009. u 00:30 - pre 174 meseci
Dimkovic
Citat:
Super, pretpostavljam kad neki user ima shell na nekom share-ovanom web ili sl... serveru, to je sve OK :-)



Pfff... da da, sigurno ce da ima kad kupi hosting :)

Hmmm , na VIP-u 3G preko iphone-a 2,6 Mbps DL i 1,4 UP ...
 
Odgovor na temu

Dundjerski Nemanja
Srbija

Član broj: 13846
Poruke: 167
213.240.47.*



Profil

icon Re: Bug in latest Linux gives untrusted users root access05.11.2009. u 12:48 - pre 174 meseci
^ Generalno, mozda bi korisnik mogao da pokrene to na neke nacine. Ako ima php, mozda bi mogao da iskoristi neku system, passthrough, exec, fork, popen ili slicnu funkciju? Naravno to izvrsenje zavisi od vise faktora i sigurnosti servera, ali poenta je da ipak nije zanimljivo kada ovakav vulnerability izadje u javnost :-(
Unices are great!
 
Odgovor na temu

[es] :: Advocacy :: Bug in latest Linux gives untrusted users root access

[ Pregleda: 2986 | Odgovora: 11 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.