[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Cobalt Security Notice - Linux Kernel - 06/09/00
- Subject: [cobalt-security] Cobalt Security Notice - Linux Kernel - 06/09/00
- From: Jeff Lovell <jlovell@xxxxxxxxxx>
- Date: Fri, 09 Jun 2000 17:34:11 -0700
- Organization: Cobalt Networks, Inc.
Cobalt Security Notice - 06.o0.00
----------------------------------
As many of you may have heard, there has recently surfaced
a bug with how the Linux kernel handles SUID programs on
in kernel version 2.2.
This exploit allowed local users will shell access to
comprimise the system with the use of suid programs such
as sendmail and procmail.
Cobalt has addressed this issue by patching the
2.2.14 kernel to prevent these types of attacks. The
new kernel is available for download from the following
location:
Kernel Image: (required)
ftp://ftp.cobaltnet.com/pub/experimental/kernel-2.2.14C9-1.i386.rpm
Kernel Headers: (required)
ftp://ftp.cobaltnet.com/pub/experimental/kernel-headers-2.2.14C9-1.i386.rpm
Bandwidth Management Module: (required)
ftp://ftp.cobaltnet.com/pub/experimental/bwmgmt-1.0-13.i386.rpm
Kernel Source: (optional)
ftp://ftp.cobaltnet.com/pub/experimental/kernel-source-2.2.14C9-1.i386.rpm
md5sum rpm
------------------------------------------------------------
544efe39ace7abd531807d4ec693a618 kernel-2.2.14C9-1.i386.rpm
0972c362ba9747b1f9a22702f9bbd673 kernel-headers-2.2.14C9-1.i386.rpm
7d95bcf93dfe17bad3d353a6e3d2d6ab bwmgmt-1.0-13.i386.rpm
4e925b687a1543bfcac5792c57125cb7 kernel-source-2.2.14C9-1.i386.rpm
This kernel release is considered experimental while extensive
testing is done. If you feel you are not vulnerable to this
exploit, it is recommended that you wait for the offical pkg
update.
--
Jeff Lovell
Cobalt Networks, Inc.