ManTrap is a "honeypot" intrusion detection system designed to lure attackers into it for analysis. The honeypot is implemented as a chroot'ed Solaris environment, designed to look and feel real to an attacker who gains access to it. To hide files and processes, it uses kernel modules that filter data from the kernel. These modules fail to handle exceptional conditions, and this failure can be exploited locally to temporarily lock up the system. This is accomplished by performing various directory listing/traversal functions in /proc, e.g.:

    # cd /proc && cd self && cd cwd
    # pwd
    <causes error response>
    # cd ../../../../../
    # cd proc
    # cd self
    <should receive error response>
    # ls, pwd, etc,
    <BOOM!>

Further technical details are not yet known.