Security: Serious Linux kernel bug allows root shell
A serious bug in Linux kernel v2.6.17 or newer allows a local user, or someone who has SSH access, to obtain root privileges. The bug is due to the vmsplice() system call.
Security: The Ultimate Linux Password Management Guide Part 7 gorilla password manager
This is part 7 of a multi-part article. Part 1 is available here, part 2 is available here, part 3 is available here, and part 4 is available here. Part 5 is here. Part 6 is available here. Part 1 discusses the importance of complex passwords and also discusses some ways to create them in Linux. Part 2 covers KeePassX, a program with a very nice graphical user interface. Part 3 takes a look at the gpass program, which is a nice graphical user interface for the GNOME desktop (will work on others too). Part 4 takes a look at the command-line pwsafe. Part 5 takes a look at the command-line cpm (console password manager). Part 6 takes a look at the ked password manager, which has both a GTK2 and a CLI interface.
In part 7, we will take a look at the gorilla password manager. Initially, I wasn't going to cover this particular password manager because there wasn't an ebuild available for Gentoo / Sabayon Linux. However, the installation is very easy and it supports the version 3.x database of the Windows Password Safe by Counterpane Labs. Gorilla is also a cross-platform application, able to be installed and run on Microsoft Windows, Mac OS X, Linux, Solaris, *BSD, Windows Mobile, Pocket PC, and Windows CE, and is also available as source code under the GNU GPL.
Posted by maysvill on Thursday, February 07 @ 01:00:00 CST
Security: The Ultimate Linux Password Management Guide Part 6 kedpm
This is part 6 of a multi-part article. Part 1 is available here, part 2 is available here, part 3 is available here, and part 4 is available here. Part 5 is here. Part 1 discusses the importance of complex passwords and also discusses some ways to create them in Linux. Part 2 covers KeePassX, a program with a very nice graphical user interface. Part 3 takes a look at the gpass program, which is a nice graphical user interface for the GNOME desktop (will work on others too). Part 4 takes a look at the command-line pwsafe. Part 5 takes a look at the command-line cpm (console password manager).
In this issue, we are going to take a look at ked password manager. The ked password manager has both a graphical user interface based on GTK2 and also a command line interface. I will cover both of them in this article.
Posted by maysvill on Wednesday, February 06 @ 01:00:00 CST
Security: The Ultimate Linux Password Management Guide Part 5 cpm
This is part 5 of a multi-part article. Part 1 is available here, part 2 is available here, part 3 is available here, part 4 is available here. Part 1 discusses the importance of complex passwords and also discusses some ways to create them in Linux. Part 2 covers KeePassX, a program with a very nice graphical user interface. Part 3 takes a look at the gpass program, which is a nice graphical user interface for the GNOME desktop (will work on others too). Part 4 takes a look at the command-line pwsafe, and in part 5 we will take a look at cpm (console password manager), which is based on ncurses.
cpm is an ncurses-based console tool to manage passwords and store them public-key encrypted in a file, even for more than one person. The encryption is handled via GnuPG, so the program's data can be accessed via gpg as well, in case you want to have a look inside. The data is stored as zlib-compressed XML, so it's even possible to reuse the data for some other purpose.
The software uses CDK (ncurses) to handle the user interface, libxml2 to store the information, the zlib library to compress the data and the library GpgMe to encrypt and decrypt the data securely.
Note: Ed Wiget, http://www.edwiget.name, has been a Linux/Unix system admin since 1995. He has many certifications. He is currently working on a degree in computer engineering, with an emphasis on computer/network security and forensics.
Posted by maysvill on Tuesday, February 05 @ 01:00:00 CST
Security: The Ultimate Linux Password Management Guide Part 4 pwsafe
This is part 4 of a multi-part article. Part 1 is available here, part 2 is available here, part 3 is available here. Part 1 discusses the importance of complex passwords and also discusses some ways to create them in Linux. Part 2 covers KeePassX, a program with a very nice graphical user interface. Part 3 takes a look at the gpass program, which is a nice graphical user interface for the GNOME desktop (will work on others too). Part 4 takes a look at the command-line pwsafe.
Posted by maysvill on Monday, February 04 @ 00:00:00 CST
Security: The Ultimate Linux Password Management Guide Part 3 gpass
This is part 3 of a multi-part article. Part 1 is available here, part 2 is available here. Part 1 discusses the importance of complex passwords and also discusses some ways to create them in Linux. Part 2 covers KeePassX, a program with a very nice graphical user interface. Part 3 takes a look at the gpass program, which is a nice graphical user interface for the GNOME desktop (will work on others too).
Posted by maysvill on Sunday, February 03 @ 01:00:00 CST
Security: metasploit 3.1 released + exploit distcc example
Metasploit 3.1 was released a couple of days ago and I had been playing around with it because it includes several new features. I will also include a video tutorial of a remote shell against a Linux system running distcc. Distcc is a distributed C/C++ compiler, meaning you can use multiple computers to compile the same software over a network. This speeds up compile times and is often used in server farms for compiling software. This video is not a bug in the software so much as an improperly configured network/system and is rather well known.
The reason I chose distcc for the example instead of something more exotic is because I can get a remote shell and be logged in as the distcc user. This means I can browse the filesystem, use cat, read various files, etc. I can also run any command that distcc is able to run. Another reason I chose distcc for the example is because some people run distcc over public networks. This leaves them vulnerable to a simple attack in which information can be gathered which may allow a better remote compromise. Gentoo / Sabayon Linux users often run distcc to help speed up compile times when installing new software or updating the system.
Here is a link to the full-size video at my personal homepage (the YouTube video is very small and poor quality).
Posted by maysvill on Saturday, February 02 @ 08:09:03 CST
Security: The Ultimate Linux Password Management Guide Part 2 KeepassX
This is part 2 of the article "The Ultimate Linux Password Management Guide" and will show you how to use KeePassX for managing collections of complex passwords. Part 1 is available here. Part 1 talks about the importance of relatively complex passwords, several utilities and methods of creating relatively complex passwords, and also lists some of the software we will review for managing relatively complex passwords.
Posted by maysvill on Saturday, February 02 @ 01:00:00 CST
Security: The Ultimate Linux Password Management Guide Part 1
This is part 1 of a multi-part article. Part 2 is scheduled for publication on 02-02-2008. Links to additional parts will be created as they are published.
Everybody knows that you shouldn't use a single password for EVERYTHING, yet most people do. Why? Well, because remembering a single complex password is often hard, so remembering multiple complex passwords is even harder. However, as more and more technologies go "online", such as banking, lending institutions, payment methods, email, etc., the use of unique complex passwords becomes CRITICAL because computers are now able to crack passwords much quicker. When you use a single password for all accounts, if any account gets compromised, they are all compromised!
To look at the last statement a little more in-depth, most anything that requires a password these days requires some way to identify you. Practically everybody knows that the single way to do that online is via an email address. If a person was able to compromise a database of accounts, they will likely have your password and your email address. Finding accounts for other web sites is just a matter of using a search engine and searching for your email address. However, what is the sense of wasting time looking for accounts when you likely own the email account too (since it probably uses the same password)? Now all a person has to do is log in to your email account and search for emails that may contain account information (because we all know we never delete those types of emails). And, if a web site doesn't have an account with your email address, creating one is just as simple since we "OWN" the email account now and can intercept the confirmation emails that often accompany new accounts.
This article looks at several utilities, programs, and commands to make password management on Linux easy. If you don't like these methods, you can also follow some guidelines that are here or here.
Posted by maysvill on Friday, February 01 @ 01:00:00 CST
The National Security Agency (NSA) recently issued security configuration guides for various operating systems, including Mac OS X, Windows, Linux and Solaris. The published guides are used by the government and are pretty interesting.
The purpose of this guide is to provide security configuration recommendations for the Red Hat Enterprise Linux (RHEL) 5 operating system. The guidance provided here should be applicable to all variants (Desktop, Server, Advanced Platform) of the product. Recommended settings for the basic operating system are provided, as well as for many commonly-used services that the system can host in a network environment.
The guide is intended for system administrators. Readers are assumed to possess basic system administration skills for Unix-like systems, as well as some familiarity with Red Hat’s documentation and administration conventions. Some instructions within this guide are complex. All directions should be followed completely and with understanding of their effects in order to avoid serious adverse effects on the system and its security.
The above-mentioned guide covers the following areas: system-wide configuration (for example, iptables and ip6tables setup, logging, SELinux, etc.) and service configuration (SSH, Avahi server, MTA, LDAP and many others).
Posted by maysvill on Tuesday, January 08 @ 20:14:49 CST
All content Copyright 2000 - 2008, Maysville Linux Users Group unless otherwise credited.
All Rights Reserved!
The opinions expressed by visitors to this web site are their own and not necessarily the opinions of the MLUG!