Índice
Últimas imágenes
Buscar
Registrarse
ConectarseAgujero en el núcleo de Linux permite escalar privilegios de root gracias a un exploit
Página 1 de 1.
Agujero en el núcleo de Linux permite escalar privilegios de root gracias a un exploit
kmx0 Dom Sep 19 2010, 04:44
Un parche para una vulnerabilidad en la forma en la que Linux puede ejecutar binarios de 32 bits en sistema de 64bits , que fué subsanado completamente en 2007, vuelve a la carga tras la eliminación de dicho parche . URL del exploit : pastebin.com/En31q4zw La solución al problema, mientras no se necesite abrir programas 32 bits en un Linux de 64 : seclists.org/fulldisclosure/2010/Sep/273
Original:
Hole in Linux kernel provides root rights
Tux - with a hole A vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges. For instance, attackers can break into a system and exploit a hole in the web server to get complete root (also known as superuser) rights or permissions for a victim's system.
According to a report, the problem occurs because the 32-bit call emulation layer does not check whether the call is truly in the Syscall table. Ben Hawkes, who discovered the problem, says the vulnerability can be exploited to execute arbitrary code with kernel rights. An exploit (direct download of source code) is already in circulation; in a test conducted by The H's associates at heise Security on 64-bit Ubuntu 10.04, it opened a shell with root rights.
The kernel developers have remedied the flaw in the repository, and Linux distributors will probably soon publish new kernels to close the hole. Until then, switching off 32-bit ELF support solves the problem if you can do without this function. For instructions, see: "Workaround for Ac1db1tch3z exploit".
Hawkes says the vulnerability was discovered and remedied back in 2007, but at some point in 2008 kernel developers apparently removed the patch, reintroducing the vulnerability. The older exploit apparently only needed slight modifications to work with the new hole.
FUENTE:http://www.h-online.com/open/news/item/Hole-in-Linux-kernel-provides-root-rights-1081317.html
VIA:meneame.net
Original:
Hole in Linux kernel provides root rights
Tux - with a hole A vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges. For instance, attackers can break into a system and exploit a hole in the web server to get complete root (also known as superuser) rights or permissions for a victim's system.
According to a report, the problem occurs because the 32-bit call emulation layer does not check whether the call is truly in the Syscall table. Ben Hawkes, who discovered the problem, says the vulnerability can be exploited to execute arbitrary code with kernel rights. An exploit (direct download of source code) is already in circulation; in a test conducted by The H's associates at heise Security on 64-bit Ubuntu 10.04, it opened a shell with root rights.
The kernel developers have remedied the flaw in the repository, and Linux distributors will probably soon publish new kernels to close the hole. Until then, switching off 32-bit ELF support solves the problem if you can do without this function. For instructions, see: "Workaround for Ac1db1tch3z exploit".
Hawkes says the vulnerability was discovered and remedied back in 2007, but at some point in 2008 kernel developers apparently removed the patch, reintroducing the vulnerability. The older exploit apparently only needed slight modifications to work with the new hole.
FUENTE:http://www.h-online.com/open/news/item/Hole-in-Linux-kernel-provides-root-rights-1081317.html
VIA:meneame.net
kmx0- Mensajes : 522
Fecha de inscripción : 23/06/2010
Localización : AL-ANDALUS -
Temas similares» Como meter un exploit en una web con ingenio
» Comandos Linux
» Damn Vulnerable Linux
» Soy novato, necesito ayuda
» Siete comandos que nunca debes ejecutar en Linux.
» Comandos Linux
» Damn Vulnerable Linux
» Soy novato, necesito ayuda
» Siete comandos que nunca debes ejecutar en Linux.
Página 1 de 1.
Permisos de este foro:
No puedes responder a temas en este foro.