tag 458251 + unreproducible tag 458251 + moreinfo thanks On Sat, Dec 29, 2007 at 10:58:59PM +0200, Lex wrote: > Package: linux-image > Version: 2.6.18.5 > Tags: security > > Hello. > I'm running debian etch server. kernel 2.6.18.5, libc6_2.3.6.ds1-13etch2 > updated by aptitude yesterday.
The string '2.6.18.5' doesn't correspond to any Debian kernel version. See this page for information on how you can find the appropriate version information: http://wiki.debian.org/DebianKernelReportingBugs > Today my server was attacked. Attacker logged in as non privileged > user "test".(password was brutforced). He used prctl local root exploit > (code below). > And it works! file "core" was dumped at folder /etc/cron.d/ > The only happiness is that cron did not run it. You cannot be sure of this; with root privileges, an attacker could modify your log to hide a successful attack. Unfortunately, the only way you can be sure that this attacker no longer retains access is to reinstall your system from scratch. > Error in syslog: > cron[2379]: Error: bad minute; while reading /etc/cron.d/core > I tried to find out this exploit at google and find that it was affected to > kernels 2.6.13-2.6.17.4. from kernel 2.6.17.4 it should be fixed. But looks > like not.... You appear to be referring to CVE-2006-2451 which was fixed in Debian's 2.6.18 before etch released. I tried the exploit you provided just to be sure, and it does not succeed on the latest etch kernel (2.6.18.dfsg.1-17). -- dann frazier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
