[VulnWatch] Immunity Advisory: Solaris kernel loading fun

From: Dave Aitel (dave_at_immunitysec.com)
Date: 03/23/04

  • Next message: Ferruh Mavituna: "[VulnWatch] Blogger XSS Vulnerability"
    Date: Tue, 23 Mar 2004 16:57:43 -0500
    To: vulnwatch@vulnwatch.org
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Immunity Research has released an Advisory from the Vulnerability
    Sharing Club into the public domain. This advisory can be found at
    http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf

    Technical Summary: There is a vulnerability in Solaris that allows
    local users to load kernel modules without being root. This is handy
    for getting around things like Argus Pitbull (if it still existed) or
    Okena or Entercept or anything like that, or simply for just taking
    root. An exploit for this was released as part of the Shellcoder's
    Handbook.

    There is a Solaris patch that appears to make this exploit ineffective.
    http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57479&zone_32=category%3Asecurity

    Dave Aitel
    Immunity, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFAYLLXzOrqAtg8JS8RAlFAAJ9J1/EkfleCMDn8T+qFWZqLah1OHACfQRlV
    yCWiZdoCR8RgGylAjdrC4/w=
    =Bm2x
    -----END PGP SIGNATURE-----


  • Next message: Ferruh Mavituna: "[VulnWatch] Blogger XSS Vulnerability"

    Relevant Pages

    • Immunity Advisory: Solaris local kernel root
      ... Immunity Research has released an Advisory from the Vulnerability ... local users to load kernel modules without being root. ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ...
      (Bugtraq)
    • [OpenPKG-SA-2003.016] OpenPKG Security Advisory (sendmail)
      ... Vulnerability: code execution, root exploit ... According to an ISS X-Force advisory, ... gain "root" or superuser control of any vulnerable Sendmail server. ... $ ftp ftp.openpkg.org ...
      (Bugtraq)
    • Re: Internet Explorer 0day exploit
      ... it tells us as a community where we need to focus our efforts. ... protocol" that defines a guideline for contents in an advisory. ... so I encourage everyone doing vulnerability ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ...
      (Bugtraq)
    • Re: Immunity Advisory: Solaris local kernel root
      ... >Immunity Research has released an Advisory from the Vulnerability ... >local users to load kernel modules without being root. ... >There is a Solaris patch that appears to make this exploit ineffective. ...
      (Bugtraq)
    • [NT] CitectSCADA ODBC Service Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... are distributed in over 80 countries through a network of more than 500 ... A vulnerability was found in CitectSCADA that could allow a remote ...
      (Securiteam)