
| Subject: | Re: Recent Linux vulnerabilities |
|---|---|
| Date: | Thu, 20 Jan 2005 10:38:25 -0300 |
Rainer Duffner wrote:
You're right, but some of the issues I related are vulnerable in both kernel series.
Michael Richardson wrote:
First, many of those reports are 2.6 specific. Many deployed systems are running 2.4, which does not have anywhere near as many issues.
Indeed. But even 2.4 has had more than enough bugs - though the situation with 2.6 is really disastrous, IMO.
I'm glad my main servers run BSD ;-)
Oh god! :P
That's my question! :)
Though not all my customers have that "privilege".
Second, "local exploits" mean you need to get a local user. If you assume that, then you can assume a lot of other things too.
If all your PHP-apps are tight and secure, then yes.
Unfortunately, this isn't the case. Dare I say phpBB ?
Or look at other well-known PHP-projects - almost none of them can run in PHP-safemode and some have to tweak multiple php.ini-values to "a little bit less-secure" values.
In combination, the results can be very bad.
It's really becoming a nightmare.
cheers, Rainer
-- Leonardo Eloy, LPIC-1, FCSE Security Analyst Morphus Tecnologia Phone/Fax: 85 3452.5733/5737 Mobile: 85 8802.6740 e-mail: leonardo@morphus.com.br site: http://www.morphus.com.br