Remote Root Exploit for Redhat 7.0 (fwd)

Dave Dittrich dittrich at cac.washington.edu
Tue Feb 27 12:39:42 PST 2001


Does anyone have one of the vulnerable LPRng RPM packages for RH 7.0
they could send me?

RedHat 7.0 (Guinness) with LPRng-3.6.22/23/24-1 from rpm - glibc-2.2-5

(E.g., the file LPRng-3.6.24-1.i386.rpm from an early RH 7.0 CD-ROM)

--
Dave Dittrich Computing & Communications
dittrich at cac.washington.edu Client Services
http://staff.washington.edu/dittrich University of Washington

PGP key http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

---------- Forwarded message ----------
Date: Tue, 2 Jan 2001 09:51:11 -0800
Subject: Re: Remote Root Exploit for Redhat 7.0
From: Max Vision <vision at WHITEHATS.COM>
To: BUGTRAQ at SECURITYFOCUS.COM

Hi, since this was cross-posted to vuln-dev and Bugtraq I think the wider
audience should know the facts...

---------- Forwarded message ----------
Date: Sat, 30 Dec 2000 12:58:07 -0800 (PST)
From: Max Vision <vision at whitehats.com>
To: "kry_cek at libero.it" <kry_cek at LIBERO.IT>
Cc: VULN-DEV at SECURITYFOCUS.COM
Subject: Re: Remote Root Exploit for Redhat 7.0

Ew. When you diff the source, it is apparent that this is a plagiarized
exploit that was actually written by DiGiT of security.is [1] (which I saw
posted to their website December 8th!)

Not only that, but this was discussed publicly in September [2], then
fixed by Redhat in early October [3]. Redhat even went so far as to
change the 7.0 ISO image to include the fixed LPRng package Oct 11th [4],
so many recent default installations are not affected. Affected users
that used the old ISO images can still download the RPM updates [5].

[1] http://www.security.is/material/SEClpd.c
[2] http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17756
[3] http://www.redhat.com/support/errata/RHSA-2000-065-06.html
[4] ftp://ftp.redhat.com/pub/redhat/releases/guinness/i386/iso
[5] ftp://updates.redhat.com/7.0/i386/LPRng-3.6.24-2.i386.rpm
ftp://updates.redhat.com/7.0/SRPMS/LPRng-3.6.24-2.src.rpm

Max

On Sat, 30 Dec 2000, kry_cek at libero.it wrote:

> This exploit compromise Redhat 7.0 box and it allows to gain the root..

> is very dangerous.. please RedHat.com release a patch!!

> This expl take advantage of Lpd.

>

> For download this expl. look www.netcat.it/download/SEClpd.c

>

> Thx To All

> Staff of www.netcat.it

>





More information about the Linux mailing list