[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Possible solution for BIG security hole in RaQ3 server
- Subject: Re: [cobalt-security] Possible solution for BIG security hole in RaQ3 server
- From: Jeff Lovell <jlovell@xxxxxxxxxx>
- Date: Mon, 12 Jun 2000 08:52:22 -0700
- Organization: Cobalt Networks, Inc.
Goran Blagus wrote:
>
> Hello !
>
> <BAD ENGLISH>
>
> Here is the post from bugtraq mailing list with program in C which we have
> installed on RaQ3 to prevents abuse of CAP_SETUID vulnerability.
> We have tested this module with two exploits that was early posted to same
> bugtraq list and it works great.
>
> What we didn't succeed is compiling this program on RaQ2. RaQ2 is also
> affected with this security bug. Any help in compiling this program is
> appriciated.
>
> </BAD ENGLISH>
>
> Goran Blagus
2.0.x kernels are not vulnerable to this bug. ONLY RaQ3 and RaQ3
variants are vulnerable to this bug.
Jeff