Ubuntu closes root hole

Discussion in 'Linux Forums' started by cybercore, Jul 9, 2010.

  1. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,817
    Likes Received:
    319
    Ubuntu closes root hole


    [​IMG]




    A flaw in the module pam_motd (message of the day), which displays the daily motto and other information after login (to the shell), can be exploited under Ubuntu to expand access rights. Attackers can exploit this vulnerability to gain root access. Ubuntu has already provided a patch for the flaw. Operators of multi-users systems should install it as soon as possible because directions are already in circulation via Twitter on how to exploit the flaw to get access rights to the password file /etc/shadow. The file can then not only be read, but changed.


    The problem is the result of the excessively high access rights with which pam_motd stores or modifies the file motd.legal-notice in the user's local cache directory after login. That file is designed to show whether the legal notice was displayed, but the module performs that function with root rights. With a symlink from the cache to the password file, the owner can be changed with a new login.


    According to the developers, the problem only occurs on Ubuntu; other Linux systems are reportedly not affected. Ubuntu has remedied the flaw by taking root rights away from the module for access to the file motd.legal-notice
     
  2. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Joined:
    Apr 15, 2009
    Messages:
    27,875
    Likes Received:
    412
    Good post cybecore . A very scary exploit indeed ! Now patched :)
     
  3. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,817
    Likes Received:
    319

    Nothing funny really.
     
  4. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Joined:
    Apr 15, 2009
    Messages:
    27,875
    Likes Received:
    412
    No it is indeed not funny . A dangerous exploit b4 the patch .
     
  5. cybercore

    cybercore New Member

    Joined:
    Jul 7, 2009
    Messages:
    15,817
    Likes Received:
    319
    You are right
     

Share This Page

Loading...