Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: tcarroll on February 27, 2004, 04:51:36 AM

Title: Security issue
Post by: tcarroll on February 27, 2004, 04:51:36 AM

Why isn't there anything on the front page of Contribs.org, which is where the news link takes me, concerning the latest security vulnerability?

It would be nice to be able to read whether or not the latest do_mremap() vulnerability affects any of the SME distributions, such as 6.0 or 5.6 without having to go digging in the archives.

Tom Carroll

Title: Security issue
Post by: Floyd on February 27, 2004, 05:51:47 AM

For your information apparently sme is safe.  The way it was explained to me is that mremap cause privilege escalation.  However since you can only log-in as root you cannot really give yourself more privileges.  But I would think you would want to be carefull with the contribs that allow you to log on with a user shell because I know the proof of concept exploits for mremap show the kernel is exploitable.

Title: Security issue
Post by: tcarroll on February 27, 2004, 08:19:19 AM

Thanks Floyd!