Koozali.org: home of the SME Server

Linux Kernel Vulnerability

ddomoney

Linux Kernel Vulnerability
« on: December 02, 2003, 05:32:32 AM »
OK gang - anybody looked at this yet?

http://www.eweek.com/article2/0,4149,1400446,00.asp

I am wondering if anyone has started to engineer a fix as yet for SME. Apparently kernel versions 2.4.23 and above would be a good starting place.

Darrin

Charlie Brady

Re: Linux Kernel Vulnerability
« Reply #1 on: December 02, 2003, 06:45:55 AM »
ddomoney wrote:

> I am wondering if anyone has started to engineer a fix as yet
> for SME.

I expect that RedHat has.

Note that this is reported to be a local root exploit. In other words you need local shell access to exploit it. Nobody has local shell access on an unmodified SME server except admin.

Now it is *just* possible that some legal remote access can cause a sequence of memory allocations which can trigger the bug, but I think that very unlikely.

Charlie

Charlie Brady

Re: Linux Kernel Vulnerability
« Reply #2 on: December 02, 2003, 06:58:02 AM »
Charlie Brady wrote:

> I expect that RedHat has.

And I wasn't wrong:

...
Red Hat Security Advisory

Synopsis:          Updated 2.4 kernel fixes privilege escalation security vulnerability
Advisory ID:       RHSA-2003:392-00
...
1. Topic:

Updated kernel packages are now available that fix a security vulnerability
leading to a possible privilege escalation.
...