[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: !SPAM! [Full-Disclosure] Automated ssh scanning

To: Richard Verwayen <holle@xxxxxxx>
Subject: Re: !SPAM! [Full-Disclosure] Automated ssh scanning
From: sec-focus@xxxxxxxxx
Date: Thu, 26 Aug 2004 21:53:13 +0000 (GMT)

On Thu, 26 Aug 2004, Richard Verwayen wrote:

> Then I updated this machine at least once a week with 
> apt-get update && apt-get dist-upgrade
> 
> You may want have a look at the installed packages in the list attached

I noticed from your installed list the kernel you have is:

kernel-source- 2.4.19-4.woody Linux kernel source for version 2.4.19

In the tools you posted about earlier, in xpl.tar.gz is the program "p4", 
this is a compiled version of:

http://www.isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt

I expect this is how the privilage escallation was done from guest to 
root.  I've seen this very thing used on another system.  The kernel you 
have on that woody machine is within the range of exploitable kernels.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: !SPAM! [Full-Disclosure] Automated ssh scanning
  - From: Richard Verwayen

Prev by Date: [Full-Disclosure] SSL Vulnerability??
Next by Date: [Full-Disclosure] Re: block all popups [google knockoff]
Previous by thread: Re: [Full-Disclosure] Automated ssh scanning
Next by thread: Re: !SPAM! [Full-Disclosure] Automated ssh scanning
Index(es):
- Date
- Thread