Add ABRT sosreport Privilege Escalation module #11762
I'm looking for Red Hat 7.1 but it seems their website only provides 7.2 at the minimum... could you please find me a link for 7.1? |
You'll need to sign up as a Red Hat developer, auth to SSO, and then navigate to the correct portal. This can be achieved in 47 simple steps. No rush. I'll need to address the above issue before this lands. |
47 steps!? Wow it's almost like they don't want you to get it. |
Edit: [not shown above: the 43 steps required to register and find that link] |
Thank you. |
FWIW, the changes work as expected, though this is not vulnerable:
I'm downloading a CentOS 7.0 iso right now and will try that tomorrow if this is still up. |
You'll need RHEL, not CentOS. |
Is ABRT the default? I have a 7.1 server x64 VM, and at least on it I got "System is not configured to use ABRT for crash reporting" |
I believe so. That seems like the kind of thing I would have documented if it weren't default. Both my RHEL 7.0 and RHEL 7.1 had ABRT configured as the crash handler. I checked the shell history on both test boxes and found no indication that I'd changed the core pattern. The advisory also indicates that it is the default crash handler:
Changing the
But my guess is that your RHEL 7.1 system is likely not vulnerable, as 7.1 was released on 2015-03-05 and the bug was dropped about 6 months later on 2015-11-23. If you've installed updates any time in the last 4 years it will be patched. |
Successfully tested against RHEL 7.1:
|
Release Notes
This adds a module that attempts to gain root privileges through a symlink attack by exploiting the Automatic Bug Reporting Tool (ABRT) before |
Lazy wrapper for rebel's sosreport-rhel7.py exploit.
Red Hat Enterprise Linux 7.0 (x64)
Red Hat Enterprise Linux 7.1 (x64)