Article Title: Linux Local Elevation of Privilege Vulnerability, please update the udev program immediately. Linux is a technology channel of the IT lab in China. Linux udev programs, including desktop applications, Linux system management, kernel research, embedded systems and open-source systems, are vulnerable to Local Elevation of Privilege vulnerabilities. Local Users can easily obtain root privileges, update the udev program immediately. (2.4 kernel system not affected)
Solution (
Back up important data before restoration):
Debian users should execute apt-get update; apt-get upgrade-y
For centos users, execute yum update udev
For RedHat users, use the official rpm package to update or purchase the satellite service of RedHat.
Attack effect display:
Libuuid @ debian :~ $ Sh a 890
Sh-3.1 # id
Uid = 0 (root) gid = 0 (root) groups = 105 (libuuid)
Sh-3.1 # cat/etc/debian_version
Lenny/sid
Sh-3.1 # dpkg-l | grep udev
Ii udev 0.114-2/dev/and hotplug management daemon
It is confirmed that this attack method is quite effective for Debian and Ubuntu, and the attack effect on RedHat needs to be confirmed.
For the latest situation, refer to linux-udev-exploit/">Http://baoz.net/linux-udev-exploit/