Showing posts with label Security. Show all posts

Wednesday, February 13, 2008

Major Linux security hole found and fixed.

I just found out that there was a major Linux security hole after trying to figure out what the Linux kernel patch on the automatic update was for. After researching online, I found this:

The bug's effect is, in those versions of Linux using these kernels with this system call compiled in, to enable ordinary users with shell access to obtain root, superuser privileges. The security hole has been demonstrated in Debian, Fedora and Ubuntu.

Link

Tracked down the exploit code and tested it before the system update.

$ gcc exploit.c -o exploit
$ whoami
testuser
$ ./exploit
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7d97000 .. 0xb7dc9000
[+] root
# whoami
root

And after the update

$ ./exploit
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7d61000 .. 0xb7d93000
[-] vmsplice: Bad address
$

Since I'm the only user on this computer and I don't install any programs, the exploit wasn't a big concern. However, this could be a big problem at my previous work, where there are multiple servers with thousands of shell users.

Saturday, March 10, 2007

LaCie external hard drive with biometric security

Pic from www.lacie.com

I was looking for an FAQ entry for when you lose the finger. But the closest match I found was:

What happens if the fingerprint sensor is damaged? Just return the d2 SAFE drive to the factory and use the data from one of your backups in the meantime. (You did do a backup, right?)

Are they saying that if you're a hacker, don't try to forge the fingerprint to access the data, but try the backups?

I like to use a fingerprint reader for computer login, but I'll stick with TrueCrypt for sensitive and irreplaceable data.

Link

Wednesday, February 07, 2007

Oops

My guess is that someone buried the podcast (probably a hack, since there is no bury button in the podcast section), causing its digg count to go from 0 diggs to -1, since -1 is equal to 4294967295 as a 4-byte unsigned integer.
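
The wraparound guessed at above, as an added example that is not part of the original post and is not Digg's code: a 32-bit unsigned vote counter that receives a bury at zero, beside a range-checked version. The function names and the event encoding (+1 for a digg, -1 for a bury) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample input (not data from Digg): a single bury, encoded as -1. */
static const int sample_events[] = { -1 };

/* Unchecked: every event is applied as-is. A bury at count 0 wraps the
   32-bit unsigned counter around to UINT32_MAX (4294967295). */
uint32_t apply_unchecked(uint32_t count, const int *ev, size_t n) {
    for (size_t i = 0; i < n; i++)
        count += (uint32_t)ev[i];  /* -1 converts to 0xFFFFFFFF; sum is modulo 2^32 */
    return count;
}

/* Checked: reject any event that would leave the 0..UINT32_MAX range,
   and count the rejections so they can be logged or alerted on. */
uint32_t apply_checked(uint32_t count, const int *ev, size_t n, size_t *rejected) {
    *rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (ev[i] > 0 && count < UINT32_MAX)
            count++;
        else if (ev[i] < 0 && count > 0)
            count--;
        else
            (*rejected)++;         /* underflow, overflow, or a zero event */
    }
    return count;
}

int main(void) {
    size_t n = sizeof sample_events / sizeof sample_events[0];
    size_t rejected;
    uint32_t bad = apply_unchecked(0, sample_events, n);
    uint32_t ok = apply_checked(0, sample_events, n, &rejected);
    printf("unchecked: %lu\n", (unsigned long)bad);
    printf("checked:   %lu (rejected events: %zu)\n", (unsigned long)ok, rejected);
    return 0;
}
```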