[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Debian Development Machine "Gluck" Hacked - UPDATE

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
no ... the hacker used a previously hacked developer's account and he
used the fresh kernel bug to escalate to root privilege probably
because he had no access from the developer's account.. <br>
Read the story on debian.org<br>
<br>
David Taylor wrote:
<blockquote cite="midC0DC2962.22758%25ltr@xxxxxxxxxxxxx" type="cite">
  <pre wrap="">Curious why Secunia is rating this as 'less critical'.  The way 
I see it,
this exploit could be integrated into the other exploits for mambo, joomla,
phpbb, etc.  Also, all of us that have websites hosted on linux machines
that have a vulnerable kernel could get root?

I'm thinking 'highly critical'?



On 7/13/06 4:24 PM, "Morning Wood" <a class="moz-txt-link-rfc2396E" 
href="mailto:se_cur_ity@xxxxxxxxxxx";>&lt;se_cur_ity@xxxxxxxxxxx&gt;</a> wrote:

  </pre>
  <blockquote type="cite">
    <blockquote type="cite">
      <pre wrap="">Debian Development Machine Hacked
<a class="moz-txt-link-freetext" 
href="http://lists.debian.org/debian-devel-announce/2006/07/msg00003.html";>http://lists.debian.org/debian-devel-announce/2006/07/msg00003.html</a>
or
<a class="moz-txt-link-freetext" 
href="http://www.zone-h.org/content/view/13853/31/";>http://www.zone-h.org/content/view/13853/31/</a>
      </pre>
    </blockquote>
    <pre wrap="">Confirmed hacked by:
Linux Kernel PRCTL Core Dump Handling Privilege Escalation Vulnerability

<a class="moz-txt-link-freetext" 
href="http://www.debian.org/News/2006/20060713";>http://www.debian.org/News/2006/20060713</a>

or

<a class="moz-txt-link-freetext" 
href="http://www.zone-h.org/content/view/13853/31/";>http://www.zone-h.org/content/view/13853/31/</a>
  ( updated )

_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a class="moz-txt-link-freetext" 
href="http://lists.grok.org.uk/full-disclosure-charter.html";>http://lists.grok.org.uk/full-disclosure-charter.html</a>
Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext" 
href="http://secunia.com/";>http://secunia.com/</a>
    </pre>
  </blockquote>
  <pre wrap=""><!---->

==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security
Philadelphia PA USA
(215) 898-1236
<a class="moz-txt-link-freetext" 
href="http://www.upenn.edu/computing/security/";>http://www.upenn.edu/computing/security/</a>
==================================================

Penn Information Security RSS feed
<a class="moz-txt-link-freetext" 
href="http://www.upenn.edu/computing/security/rss/rssfeed.xml";>http://www.upenn.edu/computing/security/rss/rssfeed.xml</a>
Add link to your favorite RSS reader



_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a class="moz-txt-link-freetext" 
href="http://lists.grok.org.uk/full-disclosure-charter.html";>http://lists.grok.org.uk/full-disclosure-charter.html</a>
Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext" 
href="http://secunia.com/";>http://secunia.com/</a>


__________ NOD32 1.1659 (20060713) Information __________

This message was checked by NOD32 antivirus system.
<a class="moz-txt-link-freetext" 
href="http://www.eset.com";>http://www.eset.com</a>



  </pre>
</blockquote>
<br>
</body>
</html>

begin:vcard
fn:Arnaud Dovi / Ind. Security Researcher
n:Dovi;Arnaud
email;internet:ad@xxxxxxxxxxxxxxxx
tel;work:Independent Security Researcher
version:2.1
end:vcard


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/