Advertisement
Home arrow ITsec News arrow Linux Kernel 0day Exploits: Soup du jour
Saturday, 22 November 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  8778  71.58%
Win 2003  1950  15.90%
Win 2000  722  5.89%
Solaris 9/10  402  3.28%
FreeBSD  226  1.84%
Other  185  1.51%

Total attacks: 12263 of which 4619 single ip and 7644 mass defacements

Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
Visitors' Map
Linux Kernel 0day Exploits: Soup du jour PDF Print E-mail
User Rating: / 3
PoorBest 
Saturday, 15 July 2006

soupWithin one week we have witnessed what are now two critical vulnerabilities in the 2.6 version of the Linux kernel, with available exploits. Earlier this week one of  Debian.org's development machines was hacked by a the PRCTL vulnerability.  

Today another exploit against the 2.6 kernel was released that takes advantage of a kernel race condition, giving the attacker local root access. Named after the author "h00lyshit" was posted to the Full Disclosure mailing list by "Joanna R", a 0day kernel 2.6 local root exploit.

The author stated in the posting "This is a new genuine bug, unpatched in 2.6.17.4 - don't get confused by prctl inside - it is only used to change process status...

The code exploits a root race in /proc have a nice day."...what does this all mean? For some time there has been debate over the stability of the 2.6 kernel and these recent exploits could be a bad blow for many [ who rely on linux servers for critical sites and services ].

While Microsoft has had it's share of bad press about security, Linux is now in the crosshairs of researchers and blackhats alike. Often [ especially the elite blackhats ] attackers will wait for just the right exploit to come out to hit the biggest and juiciest targets they have been waiting to pounce on and devour, and this week could be the start of a big feeding frenzy. 

Again, this exploit requires some form of local user access to the vulnerable computer [ like ssh shell, that many persons have when they have hosted accounts, or a even some vulnerable web application ]. While not known exactly what exact versions and flavors of the Linux kernel are affected, confirmed reports exist of the exploit being viable on the following: 2.6.16-gentoo-r9 , 2.6.17.4 ,  2.6.16 and the exploit itself states "Vulnerable: Linux 2.6 ALL".

We will try to update the information about the extent of the flaw and versions affected once they become available. 

Would you like some sauce for your 0day today sir?


Comments Index (Total Messages: 3)
good ...! Written by Guest on 2006-07-15 14:48:20
Very good 0day Local Exploit Written by Guest on 2006-07-16 17:25:32
0day for two months already Written by Guest on 2006-07-15 23:29:31

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
Advertisement
 
Top!
© 2008 Zone-H.org - Unrestricted Information
Joomla! is Free Software released under the GNU/GPL License.
 Top!