On Wed, 2003-03-19 at 15:13, Robinson Maureira Castillo wrote:
> On Wed, 19 Mar 2003, Andrus wrote:
> > You can download working exploit on
> > http://www.members.ee/ptrace-exploit.c
> > Its hell long exploit as I know, and still not patched!
> I have it, it's no longer on that URL, but I test it against the last=20
> errata kernel from RedHat and it's not vulnerable.
> [rmaureira@linux rmaureira]$ ./ptrace-xploit=20
> [-] Unable to attach: Operation not permitted
there is some misunderstanding about at least one of the exploits out
there; one of them will, when successful, make itself setuid-root....
admin tries exploit, succeeds
admin updates kernel to fixed one
admin tries exploit, gets root again due to setuid-root and thinks the
kernel is not fixed
admin yells at $vendor for providing a broken fix
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----