Hi guys,
I'm investigating kernel attacks, and I wonder if, by any chance, some of you have ever heard about them.
Thanks
kernel attacks
Local root exploits? I Googled, and found this:
http://www.sans.org/resources/malwarefaq/Ptrace.php
That's one root exploit, and it's explained very nicely.
Yeah, but it's not THAT old ^^ the error was made in 2006 I think, but it was discovered this year.
glubby wrote: Yessssssss, thanks, it is what I was looking for.
I also heard about an old flaw in Debian OpenSSL making the key generation predictable. But I can't put my hands on it. Has anyone heard about it?
You are right, I found it: http://www.debian.org/security/2008/dsa-1571
So, finally I guess those kernel attacks are more popular than I thought
kernel attacks on linux
rootkits, root exploits, privilege escalation, trojans
And also try typing sudo before your command; some admins are real noobz and leave the sudo command accessible.
Usually most rootkits modify the binary files etc. and inject themselves. There are many ways to detect this; programs have been made to detect modified binaries, but they usually require having scanned the original file.
IDS (intrusion detection system)
This is software made to detect when a possible threat to the system is made, e.g.
port sweeps, log wiping, binary modifying, root logged in, commands executed with root etc., also any accounts running with superuser privileges etc.
Note: a lot of IDSs will be alerted when you execute commands like sudo, set uid, chown, chgrp etc.
Trojans really are just like rootkits, not much difference. Anyway, I think I will leave Google to do the work for you.
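The point in the post above that modified-binary detectors need a scan of the original file first, shown as an added example that is not part of the original thread: a baseline is recorded on a known-good system and later compared. The function names `snapshot`, `verify` and `demo` and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(paths):
    """Record hash, mode (incl. setuid/setgid bits) and owner per file."""
    base = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        base[p] = {"sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                   "uid": st.st_uid, "gid": st.st_gid}
    return base

def verify(baseline):
    """Compare current state with the baseline; return (path, field) findings."""
    findings = []
    for p, old in baseline.items():
        if not os.path.exists(p):
            findings.append((p, "missing"))
            continue
        new = snapshot([p])[p]
        findings += [(p, k) for k in ("sha256", "mode", "uid", "gid")
                     if new[k] != old[k]]
    return findings

def demo():
    """Constructed files stand in for system binaries; nothing real is touched."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("ls", "ps", "netstat")]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"original " + os.path.basename(p).encode())
            os.chmod(p, 0o755)
        baseline = snapshot(paths)       # must be taken while the host is known-good
        clean = verify(baseline)         # nothing has changed yet
        with open(paths[0], "ab") as f:  # content changed
            f.write(b" + extra bytes")
        os.chmod(paths[1], 0o777)        # permissions changed
        os.remove(paths[2])              # file removed
        found = [(os.path.basename(p), k) for p, k in verify(baseline)]
        return clean, found

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is kept somewhere the monitored host cannot rewrite, such as read-only media or another machine.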
Not always, maybe I will write a tutorial later.
glubby wrote: If I got everything, for you a kernel attack would be the installation of a backdoor (or something that integrates into the kernel) or the usage of a misconfiguration (your sudo example).
Well, that's a good start, I will keep googling on it. Thanks