[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Linux cap kernel bug...
- Subject: Re: [cobalt-security] Linux cap kernel bug...
- From: "Michael Zimmermann" <zim@xxxxxxxx>
- Date: Sun, 2 Jul 2000 23:54:35 +0200
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
> I'm talking about the capability bug. Theres a few sample exploits on
> SecurityFocus.com, and appear to be give local -> root privledges on
> unpatched boxes. It's widely known that programs like sendmail can be
> exploited, but I'm willing to bet things like sshd can be as well.
>
> The issue is that the fixes aren't mentioned in the OS 3.0 bug patch list,
> nor on the security announcements on the website.
You are right, Gossi, and thank you for the awareness.
The bug is NOT fixed in the OS 3.0 - I just checked the exploit
examples against a RaQ3 with OS 3.0.
So in a way the bug patch list ist correct by not listing it. .o)
Greetings
Michael