Linux: three vulnerabilities in a month; administrators should quickly mitigate the ptrace 0day

Source: Internet
Author: User

Linux has had a very bad last 30 days. First came the udev local privilege escalation vulnerability on April 9, April 20, then the SCTP remote overflow vulnerability on April 9, April 28. Today brings a ptrace_attach local privilege escalation vulnerability, and it is a 0day: no patch!

Su baozi took a quick look at the exploit. The principle appears to be to attach to a suid root program through ptrace, then exploit the flaw in the ptrace_attach function to execute commands with root privileges, generating /tmp/.exp, a local root shell. Unfortunately, this exploit has a slight problem: on Red Hat, it needs a slight modification before it obtains root.

Several temporary mitigations are available to choose from (listed from simplest to most difficult):

1. Disable all ordinary local user accounts until patches are released. This does not stop an attacker who already has a webshell from obtaining root privileges.

2. Disable all suid root programs on the system until patches are released. This will cause some system functions to stop working normally.

3. Install the sptrace LKM to disable ptrace for ordinary users. This has a relatively small impact on the business, but is more complicated to implement.
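
For option 2, the suid bits have to be put back once a patched kernel is running, so it helps to record each file's mode before clearing it. The script below is an added example, not part of the original post; the function names, the manifest format and the default manifest path are assumptions, and it relies on `find` and `stat -c` as shipped on Linux.

```shell
#!/bin/sh
# Added example: inventory setuid-root files and reversibly clear the setuid bit.
# Function names, manifest format and default paths are assumptions.

# Print every regular setuid file under DIR owned by OWNER_UID (default 0 = root).
# -xdev keeps find on one filesystem; run it once per local mount point.
list_suid() {
    dir=$1; owner_uid=${2:-0}
    find "$dir" -xdev -type f -perm -4000 -uid "$owner_uid" 2>/dev/null | sort
}

# Write "MODE PATH" for each match to MANIFEST, then clear the setuid bit.
# Paths containing newlines are not supported by this line-based format.
disable_suid() {
    dir=$1; manifest=$2; owner_uid=${3:-0}
    : > "$manifest"
    list_suid "$dir" "$owner_uid" | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f") || continue
        printf '%s %s\n' "$mode" "$f" >> "$manifest"
        chmod u-s "$f"
    done
}

# Restore the recorded octal modes (including the setuid bit) from MANIFEST.
restore_suid() {
    manifest=$1
    while read -r mode f; do
        if [ -e "$f" ]; then
            chmod "$mode" "$f"
        fi
    done < "$manifest"
}

# Command-line entry point; does nothing when no subcommand is given.
case "${1:-}" in
    list)    list_suid "${2:-/}" ;;
    disable) disable_suid "${2:-/}" "${3:-/root/suid-manifest.txt}" ;;
    restore) restore_suid "${2:-/root/suid-manifest.txt}" ;;
esac
```

Run `list` first and review the output: clearing the bit on programs such as `su` or `passwd` removes that functionality for ordinary users until `restore` is run.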
