BugTraq
Back to list
|
Post reply
Mandrake 9.0 local root exploit
Feb 27 2003 09:43PM
Priv8 Security (xtc priv8security com)
(2 replies)
Re: Mandrake 9.0 local root exploit
Feb 28 2003 01:09AM
KF (dotslash snosoft com)
Re: Mandrake 9.0 local root exploit
Feb 28 2003 12:08AM
Vincent Danen (vdanen mandrakesoft com)
On Thu Feb 27, 2003 at 09:43:04PM -0000, Priv8 Security wrote:
> ------------------------------------------------------------------------
------------------------------------------
> Priv8 Security - www.priv8security.com
>
> priv8mdk90.tar.gz - Mandrake 9.0 local root exploit
>
> Based on Idefense adv.
> http://www.idefense.com/advisory/01.21.03.txt
>
> Greets to : coideloko, chroot-, xtc , M|ght, exitus,
> overkill, blood_sucker, lkm, Brother
> execk, printf, heap, diguin, n4rfy(nordico :ppp) and
> all friends of Priv8 security.
>
> OBS. My english sux...
> ------------------------------------------------------------------------
------------------------------------------
>
> Ok, our goal is to get root by exploiting ml85p thats
> suid root by default on mdk 9.0
What Priv8 Security neglected to mention in their advisory is that a fix has
been available since January 21st; the advisory is available here:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003
:010
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
> ------------------------------------------------------------------------
------------------------------------------
> Priv8 Security - www.priv8security.com
>
> priv8mdk90.tar.gz - Mandrake 9.0 local root exploit
>
> Based on Idefense adv.
> http://www.idefense.com/advisory/01.21.03.txt
>
> Greets to : coideloko, chroot-, xtc , M|ght, exitus,
> overkill, blood_sucker, lkm, Brother
> execk, printf, heap, diguin, n4rfy(nordico :ppp) and
> all friends of Priv8 security.
>
> OBS. My english sux...
> ------------------------------------------------------------------------
------------------------------------------
>
> Ok, our goal is to get root by exploiting ml85p thats
> suid root by default on mdk 9.0
What Priv8 Security neglected to mention in their advisory is that a fix has
been available since January 21st; the advisory is available here:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003
:010
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
[ reply ]