darronFROESE.ORG

• Next message: Michal Zalewski: "Re: a few bugs ..."
• Previous message: PAUL VanDyke: "DoS with NAVIEG"
• In reply to: Paulo Ribeiro: "Exploit for Mandrake 6.1 (PAM/userhelper bug)"
• Next in thread: Jeremy Gault: "Re: Exploit for Mandrake 6.1 (PAM/userhelper bug)"
• Reply: Darron Froese: "Re: Exploit for Mandrake 6.1 (PAM/userhelper bug)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

on 3/14/00 5:14 PM, Paulo Ribeiro at prrarNITNET.COM.BR wrote:

> * DESCRIPTION:
> * -----------
> * Mandrake Linux 6.1 has the same problem as Red Hat Linux 6.x but its
> * exploit (pamslam.sh) doesn't work on it (at least on my machine). So,
> * I created this C program based on it which exploits PAM/userhelper
> * and gives you UID 0.
> *
> * SYSTEMS TESTED:
> * --------------
> * Red Hat Linux 6.0, Red Hat Linux 6.1, Mandrake Linux 6.1.
> *
> * RESULTS:
> * -------
> * [prrarlinux prrar]$ id
> * uid=501(prrar) gid=501(prrar) groups=501(prrar)
> * [prrarlinux prrar]$ gcc pam-mdk.c -o pam-mdk
> * [prrarlinux prrar]$ ./pam-mdk
> * sh-2.03# id

It appears that Mandrake 6.0 is vulnerable too:

[darronmaul darron]$ gcc pam-mdk.c -o pam-mdk
[darronmaul darron]$ ./pam-mdk
sh-2.03# id
uid=0(root) gid=502(admin) groups=502(admin)
sh-2.03#
[darronmaul /etc]$ cat mandrake-release
Linux Mandrake release 6.0 (Venus)

--
Darron
darronfroese.org
<http://darron.froese.org/>

• Next message: Michal Zalewski: "Re: a few bugs ..."
• Previous message: PAUL VanDyke: "DoS with NAVIEG"
• In reply to: Paulo Ribeiro: "Exploit for Mandrake 6.1 (PAM/userhelper bug)"
• Next in thread: Jeremy Gault: "Re: Exploit for Mandrake 6.1 (PAM/userhelper bug)"
• Reply: Darron Froese: "Re: Exploit for Mandrake 6.1 (PAM/userhelper bug)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]