Slashdot Mirror

← Back to Stories (view on slashdot.org)

Local Root Exploit in Linux 2.4 and 2.6

Posted by michael on from the without-users-this-wouldn't-be-a-problem dept.

Anonymous Coattails writes "Summary from the advisory: 'Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges.'"

32 of 795 comments (clear)

  1. *sits back* by Anonymous Coward · · Score: 3, Funny

    *awaits justifications and explanations of why this is nothing like Microsoft*

    1. Re:*sits back* by ackthpt · · Score: 5, Funny
      *awaits justifications and explanations of why this is nothing like Microsoft*

      Because in this case Linus Torvalds is our new overlord, and I for one, welcome him.

      --

      A feeling of having made the same mistake before: Deja Foobar
    2. Re:*sits back* by Lodragandraoidh · · Score: 2, Funny
      "We are sorry, all circuits are busy..." - Microsloth Help Desk

      "You can download the fix
      • here
      ..." - Any Linux website within a days (perhaps hours) of the report.
      --

      Lodragan Draoidh
      The more you explain it, the more I don't understand it. - Mark Twain
    3. Re:*sits back* by identity0 · · Score: 4, Funny

      I was going to make a comment about "rounding up workers for underground C mines", but I figured that didn't sound painful enough.

      So, I would like to remind Linus that I will be very useful in rounding up workers to toil in the underground Perl mines.

    4. Re:*sits back* by darc · · Score: 4, Funny

      Yeah yeah, that's the responsible thing to say. But responsible stuff is sooooooooo boring. I mean, if we were all responsible people that wanted stability, we'd all be running kernel 2.2, Apache 1.1, many year old revisions of programs patched to all heck, never install any packages that aren't yet at least of legal age, and still tout ISA support as a bleeding edge feature.

      Hmm. Wait, I think I just described Debian Stable.

      *is hit by a gigantic potato from the debian crowd*

      (Yes, I am aware that stable is called Woody, and the last version was called Potato. But if I said "is hit by a gigantic woody..." i'd probably get murdered. Oops.)

      --
      Tired of legitimate data sources? Try UNCYCLOPEDIA
    5. Re:*sits back* by EnronHaliburton2004 · · Score: 3, Funny

      Because in this case Linus Torvalds is our new overlord, and I for one, welcome him.

      Dude, he was our new overlord like 10 years ago, get with the program...

      --
      94% of Repubs and 21% of Dems voted to renew the Patriot Act
    6. Re:*sits back* by Alsee · · Score: 2, Funny

      Potato?? Woody??

      Jeez. What the hell are they going to call the next release of Debian stable? Boner?

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
    7. Re:*sits back* by m50d · · Score: 2, Funny

      I'm willing to compare apples to apples, but if you want me to include the major apps installed on linux distros, you should also include lots of external software for windows - some of it third party, since there doesn't seem to be an MS alternative to (for example) the GIMP.

      --
      I am trolling
  2. So I guess the question is... by Anonymous Coward · · Score: 1, Funny

    Does this exploit run Linux?

  3. How the hell by BoomerSooner · · Score: 3, Funny

    How do people find this stuff? Amazing. Open source is astounding.

    When do I get my kernel update?

    1. Re:How the hell by pasde · · Score: 3, Funny


      When do I get my kernel update?

      No worry. I ve already installed it for you.

  4. won't be exploted here! by Dominatus · · Score: 5, Funny

    It's a good thing I've got the patch downloa

  5. Funny you should mention... by Yaa+101 · · Score: 3, Funny

    I need no exploit to gain root privileges, I just login...

  6. Re:That's why MS will rule the world. by spac3manspiff · · Score: 2, Funny

    Mod parent -1 denial.

  7. lets hope no-one discovers by Anonymous Coward · · Score: 2, Funny


    su

  8. Re:What, no remote exploit?!? by EnderWiggnz · · Score: 2, Funny

    you mean to tell me that people have found exploits in bind and sendmail?

    no way - they're perfect open source programs. model programs, so to speak.

    next, you'll tell me that x is a crufty, inefficient kludge.

    --
    ... hi bingo ...
  9. Re:What, no remote exploit?!? by mm0mm · · Score: 3, Funny
    where as every nearly every Windows flaw is remotely exploitable?

    Don't you think it's more convenient for you to be able to hack multiple machines over LAN? Another reason to choose Windows over Linux.

  10. I'm safe! by ferratus · · Score: 2, Funny

    It doesn't work on my Gentoo box running 2.6.9 so I'm safe. This machine will not be hacked.

    It's a good thing I have telnet running on that box so that I could try it remotly though.

    --
    IP Therefore I am.
  11. Re:Local Access is always a trump card by arose · · Score: 4, Funny

    Local as in "need user level access" not "need screwdriver level access".

    --
    Analogies don't equal equalities, they are merely somewhat analogous.
  12. Re:What, no remote exploit?!? by Dr.Zap · · Score: 2, Funny

    " Why is it every nearly Linux flaw is locally exploitable, where as every nearly every Windows flaw is remotely exploitable?"

    That would be Microsoft's superior networking ability, along with it's user (or abuser) friendly interfaces!

  13. Re:What's truly funny by Anonymous Coward · · Score: 1, Funny

    STFU! You should be posting these kinda things AC, like me!

  14. Re:Distribution restrictions by Anonymous Coward · · Score: 2, Funny

    Nah...this is smart. Copyright the exploit code, and then once a worm is spread, he can sue everyone for copyright infringement.

  15. Here's the exploit (-; by MacJedi · · Score: 3, Funny
    #!/bin/sh
    echo "1|nux r007 3xp10|7 by 1c4m7uf"
    cd /tmp
    cat >ex.c <<eof
    int getuid() { return 0; }
    int geteuid() { return 0; }
    int getgid() { return 0; }
    int getegid() { return 0; }
    eof
    gcc -shared ex.c -oex.so
    LD_PRELOAD=/tmp/ex.so sh
    rm /tmp/ex.so /tmp/ex.c
    --
    2^5
  16. what's that sound I hear? by Trepidity · · Score: 3, Funny

    It's the sysadmins of University email and webservers across the country going apeshit as suddenly the entire student body potentially has root...

    --
    10 PRINT CHR$(205.5+RND(1)); : GOTO 10
    1. Re:what's that sound I hear? by scottking · · Score: 3, Funny

      I wish there was a +1 Used 'Apeshit' in a sentence modifier.

      --
      scott king
  17. here's a patch by antonakis · · Score: 2, Funny

    ...though a bit big. www.openbsd.org

  18. Thank God... by mackman · · Score: 3, Funny

    Thank God I run Firefox!

  19. Re:isec.pl's guys rule by gbjbaanb · · Score: 2, Funny

    Perhaps someone should offer a job to those guys so they can audit parts of the kernel better

    Yeah, lol. Microsoft.

    Oh sorry, I though you meant, 'someone should offer these guys a job so they can audit the kernel better to find *more* exploits, allowing MS to publicise all these anti-linux holes' ;)

  20. Re:FreeBSD by Anonymous Coward · · Score: 1, Funny

    You need clever people to find an exploit on FreeBSD.
    You just need a kid to crash your Linux box several times in several different ways.

  21. That's right! Stick with 2.0.36 by Tom7 · · Score: 2, Funny

    That's why I've been sticking with 2.0.36 all these years. I haven't seen a security advisory for it in ages.

  22. Dangit... by catdevnull · · Score: 3, Funny

    All those MCSE dorks down the hall are gonna give me sh*t for the next week.

    Reminds me of a punchline to my favorite Scottish joke:
    "Aye, lad...ya screw ONE goat..."

    --

    I might know what I'm talkin' about, but then again, this is Slashdot...
  23. Re: bugs in code by FireBreathingDog · · Score: 2, Funny
    I don't know what sigma level Microsoft is at but with 2 defects per 100 is 360000 per 1,000,000 lines of code. That puts them at a sigma level between 3 and 4. The Majority of software makers are below that. Yet if MS were six-sigma (they sell software that tracks it) they would have only 61 defects for those 18 million lines of code.

    That's why you should always put curly braces on their own lines, to increase your total lines of code. Helps achieve a more favorable sigma.

    --
    Shame on Google.