----- Forwarded message from Wichert Akkerman wichert@wiggy.net -----
Recently multiple servers of the Debian project were compromised using a Debian developers account and an unknown root exploit. Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space. This problem was found in September by Andrew Morton, but unfortunately that was too late for the 2.4.22 kernel release.
This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and 2.6.0-test6 kernel tree. For Debian it has been fixed in version 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386 kernel images and version 2.4.18-11 of the alpha kernel images.
* marco ghidinelli (marcogh@linux.it) wrote:
----- Forwarded message from Wichert Akkerman wichert@wiggy.net -----
Recently multiple servers of the Debian project were compromised using a Debian developers account and an unknown root exploit.
so he sniffed the account, or got it some other way, more social or more crude, first ...
Forensics
a diagnostic tool?
revealed a burneye encrypted exploit.
an encrypted executable binary exploit .. burneye??
Robert van der Meulen
...
managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams
so they are the best kernel hackers around, then? ;)
quickly
no less! but what about the Debian people in the meantime? did they have other crap to deal with? and the various Slackware folks? or maybe it's because these distros have companies and paid, stable teams?
revealed that the exploit used an integer overflow in the brk system call.
it exploits an integer overflow?? can someone explain to me in two lines overflows (excess data) on buffers or, here, on integers (whole numbers??)
in the brk () system call
Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space.
through this bug it is possible for a program running in userspace to trick the kernel and gain access to the kernel's entire address space
This problem was found in September by Andrew Morton, but unfortunately that was too late for the 2.4.22 kernel release.
problem identified in September, but unfortunately too late for the 2.4.22 release
This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and 2.6.0-test6 kernel tree.
obviously the bug is fixed now, so Tosatti patched the 2.4 kernel -> which moves to 2.4.23, and Linus the 2.6 - which is still in test but is coming out soon ;)
and the Debian maintainers have fixed the kernel images too: we have 2.4.18-12 of the kernel source package, and 2.4.18-14 as the kernel image
For Debian it has been fixed in version
2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386 kernel images and version 2.4.18-11 of the alpha kernel images.
absolutely interesting, and anyway, as I wrote yesterday, also to be put in relation with other major compromises going around; it seems a given that this is not about Rapetto and the Postal Police ;))
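
On the question above about integer overflows: the following is an added user-space illustration, not code from the advisory, the kernel, or either poster. It models a generic range check on `addr + len` in 32-bit arithmetic; the advisory itself says only that the bug is an integer overflow in brk, so `TASK_LIMIT` and all function names are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed user/kernel boundary for this model (3 GiB). */
#define TASK_LIMIT 0xC0000000u

/* Unsafe: the sum is computed modulo 2^32, so a huge len wraps it
 * back to a small value that passes the comparison. */
static int range_ok_unsafe(uint32_t addr, uint32_t len)
{
    return (uint32_t)(addr + len) <= TASK_LIMIT;
}

/* Safe: never form the sum; compare len with the room that is left. */
static int range_ok_safe(uint32_t addr, uint32_t len)
{
    if (addr > TASK_LIMIT)
        return 0;
    return len <= TASK_LIMIT - addr;
}

/* End address the request would really reach (64-bit, cannot wrap). */
static uint64_t true_end(uint32_t addr, uint32_t len)
{
    return (uint64_t)addr + len;
}

int main(void)
{
    /* Constructed sample requests: { addr, len }. */
    static const uint32_t req[][2] = {
        { 0x08000000u, 0x00001000u },  /* ordinary growth         */
        { 0xBFFFF000u, 0x00001000u },  /* ends exactly at limit   */
        { 0xBFFFF000u, 0x00002000u },  /* crosses limit, no wrap  */
        { 0x08000000u, 0xF8001000u },  /* sum wraps past 2^32     */
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++) {
        uint32_t a = req[i][0], l = req[i][1];
        printf("addr=%08lx len=%08lx end=%09llx unsafe=%d safe=%d\n",
               (unsigned long)a, (unsigned long)l,
               (unsigned long long)true_end(a, l),
               range_ok_unsafe(a, l), range_ok_safe(a, l));
    }
    return 0;
}
```

Only the last request separates the two checks: its real end lies far above the limit, yet the wrapped sum is tiny, so the unsafe check accepts it. A buffer overflow writes more data than a buffer holds; an integer overflow corrupts the arithmetic that a size or range check relies on.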