After 96 Hours (Break-in Challenge)

No one broke into the server, which was on the Net for 96 hours. Kudos to Adamantix!

See details at http://www.linuxense.com/challenge

At the end of the 48th hour we released a shell account with the login name ROT13ed. It didn’t take more than a couple of minutes for the first person to log in! But several contestants complained about a login account which “just doesn’t work”.

Most of the attempts used stack smashing as the basic technique, which PaX is good at stopping. But there was a PaX privilege elevation bug to which Adamantix 1.0.4 was susceptible. See http://seclists.org/lists/fulldisclosure/2005/Mar/0211.html for more details. But the first exploit wasn’t out till the end of the 96 hours (though the kernel used was not fully susceptible) :)

The packet capture dump is being circulated via BitTorrent and has had several downloads so far.

We thank Asianet Satellite Communications for providing us with bandwidth.

This break-in challenge was unique in the sense that this was the first time an open source product was put under such a test. Normally companies do this to show off their own product’s capability.
