[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Linux cap kernel bug...
- Subject: Re: [cobalt-security] Linux cap kernel bug...
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Mon, 3 Jul 2000 00:25:48 +0100 (BST)
Aha. This might explain a few things, then.
Is there a patch forthcoming? I run a large multiuser system with Cobalt
OS 5, and can't really afford to leave well documented holes like this
open :(
Regards.
On Sun, 2 Jul 2000, Michael Zimmermann wrote:
> From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
> > I'm talking about the capability bug. Theres a few sample exploits on
> > SecurityFocus.com, and appear to be give local -> root privledges on
> > unpatched boxes. It's widely known that programs like sendmail can be
> > exploited, but I'm willing to bet things like sshd can be as well.
> >
> > The issue is that the fixes aren't mentioned in the OS 3.0 bug patch list,
> > nor on the security announcements on the website.
>
> You are right, Gossi, and thank you for the awareness.
>
> The bug is NOT fixed in the OS 3.0 - I just checked the exploit
> examples against a RaQ3 with OS 3.0.
>
> So in a way the bug patch list ist correct by not listing it. .o)
>
>
> Greetings
> Michael
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
--
gossi the dog
email: gossi@xxxxxxxxxxxxxx
irc: gossi in #markthomas (efnet / irc.ins.net.uk)