LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-20-2006, 06:46 PM   #1
abefroman
Senior Member
 
Registered: Feb 2004
Location: lost+found
Distribution: CentOS
Posts: 1,430

Rep: Reputation: 55
What does junk the cache mean?


I am trying to see if
2.6.42 is vulnerable on my test server,
can you confirm you got the same:
[tester@test tmp]$ ./h00lyshit file

preparing
trying to exploit file

failed: Permission denied

They state:
** if y0u dont have one, make big file (~100MB) in /tmp with dd
** and try to junk the cache e.g. cat /usr/lib/* >/dev/null

What do they mean by
"and try to junk the cache e.g. cat /usr/lib/* >/dev/null" ?
 
Old 09-22-2006, 03:52 AM   #2
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
maybe so ur kernel is not vulnerable..i got the same on a not affected kernel. on affected kernel i get Exec format error.

Last edited by ~=gr3p=~; 09-22-2006 at 04:02 AM.
 
Old 09-23-2006, 06:43 AM   #3
Valkyrie_of_valhalla
Member
 
Registered: Jan 2006
Location: Romania
Distribution: Suse 12.0, Slackware 12.1, Debian, Ubuntu, Gentoo
Posts: 301

Rep: Reputation: 30
Hmm, from my knowledge, cat /usr/lib/* should show the contents of every file in /usr/lib, and >/dev/null sends everything printed to stdout (aka printed on screen and not an error) to /dev/null, that is, doesn't show it any more.
Basicly, I can't see any reason to use that command except to see which files you haven't got access to, or something like that. And, also, from what I know, /usr/lib has nothing to do with cache, but I am still new to this, so, anyone correct me if I am wrong.
Also, who are "they" and what's the deal with a 100Mb file in /tmp?
 
Old 09-23-2006, 11:57 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by Valkyrie_of_valhalla
Also, who are "they" and what's the deal with a 100Mb file in /tmp?
"they" would be the person(s) who wrote the exploit...

i believe the 100MB file is only needed if you don't have any other big file to run the exploit against...
 
Old 09-23-2006, 12:35 PM   #5
spirit receiver
Member
 
Registered: May 2006
Location: Frankfurt, Germany
Distribution: SUSE 10.2
Posts: 424

Rep: Reputation: 33
Quote:
Originally Posted by abefroman
What do they mean by
"and try to junk the cache e.g. cat /usr/lib/* >/dev/null" ?
Is it possible that they're just trying to clear the disc cache by reading arbitrary data?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
cache folder like /var/cache/apt/packages on Debian Shaddy SUSE / openSUSE 0 08-13-2006 10:02 AM
Ram wiht suse, cache Disk cache??? fadelhomsi Linux - Newbie 2 02-05-2006 11:29 PM
clearing cache, web cache on linux varunbihani Linux - General 2 12-08-2005 12:02 PM
Error: Caching enabled and local cache: //var/cache/yum/base/primary.xml.gz does... dr_zayus69 Linux - Software 2 07-06-2005 04:32 AM
cdrecord junk; /proc junk lackluster Linux - Software 5 08-06-2003 10:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration