RE: kernel local root exploit

Another possible workaround,

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

Above kills payloads searching for static filename to execute...

--eddie

>From: "captgoodnight captgoodnight" <captgoodnight@hotmail.com>
>To: aklug@aklug.org
>Subject: RE: kernel local root exploit
>Date: Fri, 14 Jul 2006 12:37:56 -0800
>
>
>http://www.oreillynet.com/pub/faqs/linux_faq_AEN2834 <----- workaround
>
>/etc/security/limits.conf
><----- workaround
>* hard core 0
>
>
>
>
>
>ulimit -c 0
><----- workaround
>
>
>http://www.securityfocus.com/bid/18874/ <------INFO & safe
>exploit/testing code
>
>
>
>ENJOY,
>--eddie
>
>
>
> >From: Greg Madden <pabi@gci.net>
> >To: aklug@aklug.org
> >Subject: kernel local root exploit
> >Date: Fri, 14 Jul 2006 10:36:17 -0800
> >
> >A Debian server was compromised by this:
> >
> >http://lists.debian.org/debian-news/debian-news-2006/msg00030.html
> >--
> >Greg Madden
> >---------
> >To unsubscribe, send email to <aklug-request@aklug.org>
> >with 'unsubscribe' in the message body.
> >
>
>
>---------
>To unsubscribe, send email to <aklug-request@aklug.org>
>with 'unsubscribe' in the message body.
>

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Fri Jul 14 13:53:55 2006