Ubuntu closes root hole

cybercore

New Member
Joined
Jul 7, 2009
Ubuntu closes root hole


Ubuntu_New_Logo_200-23dd6106d0147178.png





A flaw in the module pam_motd (message of the day), which displays the daily motto and other information after login (to the shell), can be exploited under Ubuntu to expand access rights. Attackers can exploit this vulnerability to gain root access. Ubuntu has already Link Removed due to 404 Error a patch for the flaw. Operators of multi-users systems should install it as soon as possible because directions are already in circulation via Twitter on how to exploit the flaw to get access rights to the password file /etc/shadow. The file can then not only be read, but changed.


The problem is the result of the excessively high access rights with which pam_motd stores or modifies the file motd.legal-notice in the user's local cache directory after login. That file is designed to show whether the legal notice was displayed, but the module performs that function with root rights. With a symlink from the cache to the password file, the owner can be changed with a new login.


According to the developers, the problem only occurs on Ubuntu; other Linux systems are reportedly not affected. Ubuntu has remedied the flaw by taking root rights away from the module for access to the file motd.legal-notice
 
Good post cybecore . A very scary exploit indeed ! Now patched :)
 
No it is indeed not funny . A dangerous exploit b4 the patch .
 
Back
Top Bottom