Is this thing fixed?
zizzu79
deepin
2017-05-15 10:17
Author
Looking at the system, I found this new process, lastore-daemon, launched by the control panel, and then on the first page of Google: https://www.exploit-db.com/exploits/39433/. This is a huge exploit, everyone with access to the desktop can get root... Is this thing fixed? Anyway, I disabled the service...

All Replies
th3blad3runn3r
deepin
2017-05-16 05:51
#1
Edited by th3blad3runn3r at 2017-5-15 15:08

Here's a proof of concept for the exploit:
https://packetstormsecurity.com/files/135737

The exploit is mentioned to be present in Deepin 15.1
If it does work in 15.4, it ain't fixed...

I won't be able to test it until this weekend, so if you're faster than me, please comment out the line saying

    os.system("/usr/bin/deepinhack")

just in case...
th3blad3runn3r
deepin
2017-05-16 09:12
#2
I can confirm:
hack is FIXED in 15.4.

See the screenshot below.
Please notice the "deepin_hack" failed-to-install notification in the upper right corner.