[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Linux cap kernel bug...
- Subject: Re: [cobalt-security] Linux cap kernel bug...
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Sun, 2 Jul 2000 14:54:48 +0100 (BST)
Sorry, I just realised the post kind of lacked information on the problem
:)
Its covered in the Kernel 2.2.14 update (in OS update 3.0 for Cobalt RaQ
3), although technically for all other linux distros its kernel 2.2.16 (I
presume Cobalt ripped the changes and put them in 2.2.14)?
I'm talking about the capability bug. Theres a few sample exploits on
SecurityFocus.com, and appear to be give local -> root privledges on
unpatched boxes. It's widely known that programs like sendmail can be
exploited, but I'm willing to bet things like sshd can be as well.
The issue is that the fixes aren't mentioned in the OS 3.0 bug patch list,
nor on the security announcements on the website.
Regards.
On Sun, 2 Jul 2000, Michael Zimmermann wrote:
> > Quick question - why isn't the Linux Kernel cap bug listed on the security
> > notices section of the Cobalt website?
>
> Hi gossi,
>
> which Bug? How to exploit it? What can be done with it?
>
>
> Michael
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
--
gossi the dog
email: gossi@xxxxxxxxxxxxxx
irc: gossi in #markthomas (efnet / irc.ins.net.uk)