Imperva use hardened centos 5.4 to run Web Application Firewall and Database Activity Monitoring product. It could be exploit to get root in the kernel 2.6.18-164.15.1.el5.imp4 which was built by imperva in 9.5 patch 8 and 10.0 patch 2. I hope imperva could upgrade your OS to centos 5.9 with kernel 2.6.18-348 to keep your system secure. Your can check the attachment for details. [test95p8@GFWAF ~]$ uname -a Linux GFWAF 2.6.18-164.15.1.el5.imp4 #1 SMP Mon Apr 8 15:29:20 IDT 2013 x86_64 x86_64 x86_64 GNU/Linux [test95p8@GFWAF ~]$ cat /etc/redhat-release Imperva release 5.4 (Final) [test95p8@GFWAF ~]$ wc -l /etc/shadow wc: /etc/shadow: Permission denied [test95p8@GFWAF ~]$ id uid=505(test95p8) gid=507(test95p8) groups=507(test95p8) [test95p8@GFWAF ~]$ ./centos54_localroot_exp ########snip############## sh-3.2# id uid=0(root) gid=507(test95p8) groups=507(test95p8) sh-3.2# wc -l /etc/shadow 40 /etc/shadow sh-3.2# [root@WAF ~]# impctl platform show 2> /dev/null | grep version version 10.0.0.2_0 [root@WAF ~]# uname -a Linux WAF 2.6.18-164.15.1.el5.imp4 #1 SMP Mon Apr 8 15:29:20 IDT 2013 x86_64 x86_64 x86_64 GNU/Linux [root@WAF ~]# cat /etc/redhat-release Imperva release 5.4 (Final)
Attachment:
imperva10p2.png
Description: Attachment: imperva10p2.png
Attachment:
imperva9.5p8.png
Description: Attachment: imperva9.5p8.png
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
