[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Linux cap kernel bug...

Subject: Re: [cobalt-security] Linux cap kernel bug...
From: "Michael Zimmermann" <zim@xxxxxxxx>
Date: Sun, 2 Jul 2000 23:54:35 +0200

From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
> I'm talking about the capability bug.  Theres a few sample exploits on
> SecurityFocus.com, and appear to be give local -> root privledges on
> unpatched boxes.  It's widely known that programs like sendmail can be
> exploited, but I'm willing to bet things like sshd can be as well.
>
> The issue is that the fixes aren't mentioned in the OS 3.0 bug patch list,
> nor on the security announcements on the website.

You are right, Gossi, and thank you for the awareness.

The bug is NOT fixed in the OS 3.0 - I just checked the exploit
examples against a RaQ3 with OS 3.0.

So in a way the bug patch list ist correct by not listing it. .o)


Greetings
Michael

Follow-Ups:
- Re: [cobalt-security] Linux cap kernel bug...
  - From: Gossi The Dog

References:
- Re: [cobalt-security] Linux cap kernel bug...
  - From: Gossi The Dog

Prev by Date: Re: [cobalt-security] Linux cap kernel bug...
Next by Date: Re: [cobalt-security] Linux cap kernel bug...
Previous by thread: Re: [cobalt-security] Linux cap kernel bug...
Next by thread: Re: [cobalt-security] Linux cap kernel bug...

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index