tag 458251 + unreproducible
tag 458251 + moreinfo

On Sat, Dec 29, 2007 at 10:58:59PM +0200, Lex wrote:
> Package: linux-image
> Version:
> Tags: security
> Hello.
> I'm running debian etch server. kernel, libc6_2.3.6.ds1-13etch2
> updated by aptitude yesterday.

The string '' doesn't correspond to any Debian kernel
version. See this page for information on how you can find the
appropriate version information:

> Today my server was attacked. Attacker logged in as non privileged
> user "test".(password was brutforced). He used prctl local root exploit
> (code below).
> And it works! file "core" was dumped at folder /etc/cron.d/
> The only happiness is that cron did not run it.

You cannot be sure of this; with root privileges, an attacker could
modify your log to hide a successful attack. Unfortunately, the only
way you can be sure that this attacker no longer retains access is to
reinstall your system from scratch.

> Error in syslog:
> cron[2379]: Error: bad minute; while reading /etc/cron.d/core
> I tried to find out this exploit at google and find that it was affected to
> kernels 2.6.13- from kernel it should be fixed. But looks
> like not....

You appear to be referring to CVE-2006-2451 which was fixed in
Debian's 2.6.18 before etch released. I tried the exploit you provided
just to be sure, and it does not succeed on the latest etch kernel

dann frazier

To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org