On Thu Feb 27, 2003 at 09:43:04PM -0000, Priv8 Security wrote: > ------------------------------------------------------------------------------------------------------------------ > Priv8 Security - www.priv8security.com > > priv8mdk90.tar.gz - Mandrake 9.0 local root exploit > > Based on Idefense adv. > http://www.idefense.com/advisory/01.21.03.txt > > Greets to : coideloko, chroot-, xtc , M|ght, exitus, > overkill, blood_sucker, lkm, Brother > execk, printf, heap, diguin, n4rfy(nordico :ppp) and > all friends of Priv8 security. > > OBS. My english sux... > ------------------------------------------------------------------------------------------------------------------ > > Ok, our goal is to get root by exploiting ml85p thats > suid root by default on mdk 9.0 What Priv8 Security neglected to mention in their advisory is that a fix has been available since January 21st; the advisory is available here: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:010 -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
Attachment:
pgp00301.pgp
Description: PGP signature
