Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Exploit for Mandrake 6.1 (PAM/userhelper bug)
From: darron () FROESE ORG (Darron Froese)
Date: Fri, 17 Mar 2000 08:58:19 -0700


on 3/14/00 5:14 PM, Paulo Ribeiro at prrar () NITNET COM BR wrote:

* DESCRIPTION:
* -----------
* Mandrake Linux 6.1 has the same problem as Red Hat Linux 6.x but its
* exploit (pamslam.sh) doesn't work on it (at least on my machine). So,
* I created this C program based on it which exploits PAM/userhelper
* and gives you UID 0.
*
* SYSTEMS TESTED:
* --------------
* Red Hat Linux 6.0, Red Hat Linux 6.1, Mandrake Linux 6.1.
*
* RESULTS:
* -------
* [prrar () linux prrar]$ id
* uid=501(prrar) gid=501(prrar) groups=501(prrar)
* [prrar () linux prrar]$ gcc pam-mdk.c -o pam-mdk
* [prrar () linux prrar]$ ./pam-mdk
* sh-2.03# id

It appears that Mandrake 6.0 is vulnerable too:

[darron () maul darron]$ gcc pam-mdk.c -o pam-mdk
[darron () maul darron]$ ./pam-mdk
sh-2.03# id
uid=0(root) gid=502(admin) groups=502(admin)
sh-2.03#
[darron () maul /etc]$ cat mandrake-release
Linux Mandrake release 6.0 (Venus)

--
Darron
darron () froese org
<http://darron.froese.org/>



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]