[Gllug] Root exploit 2.2.0 to 2.4.10
mike
mike at redtux.demon.co.uk
Sat Oct 20 04:21:54 UTC 2001
Apologies for nitpicking, but it is two kernel bugs.
On Thu, 2011-10-20 at 01:23, Chris Ball wrote:
> On Fri, 2001-10-19 at 20:12, William Palfreman wrote:
> > Just seen this on /. I'm just about to test it now to see if it is
> > true. If it is and you administer shell account boxes you could be
> > in trouble. Expect a very rapid release of 2.2.20!
>
> You didn't provide a link and it's not on the front page, so I'll
> explain a little.
>
> There's a kernel bug that can allow:
>
> o A DOS attack through referencing an arbitrary number of symlinks
> o A /local/ root exploit via a setuid app (in this example, a
> world-executable and setuid root /usr/bin/addgrp) and ptrace.
>
> It affects all 2.2 kernels, and 2.4 kernels pre 2.4.10. I'm upgrading a
> few public-facing machines now.. *sigh*
>
> Details at:
> http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
>
> ~C.
>
> --
> $a="printf.net"; Chris Ball | chris at void.$a | www.$a | finger: chris@$a
> "In the beginning there was nothing, which exploded."
>
>
> --
> Gllug mailing list - Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug