On Tue, Jan 3, 2012 at 3:14 AM, Rudi Ahlers <Rudi@xxxxxxxxxxx> wrote:
>
>>> Very often, a single user with a
>>> weak password has his account cracked and then a hacker can get a copy
>>> of /etc/shadow and brute force the root password.
>>
>> This is incorrect. The whole reasoning behind /etc/shadow is to hide the
>> actual hashes from normal system users. /etc/shadow is chown root.root
>> and chmod 0400. Without root access /etc/shadow is not accessible.
>>
>
> So, explain this then:
>
>
> How does something like c99shell allow a local user (not root) to read
> the /etc/shadow file?
>
The description from here:
http://jigneshdhameliya.blogspot.com/2010/03/backdoorphpc99shellw.html
and other places says
"16. exploit a range of Linux kernel and bash command interpreter
vulnerabilies"
In other words, all those things that get listed as 'local'
vulnerabilities become remote vulnerabilities as soon as any app or
service allows running an arbitrary command.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
