[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] local root exploit with glibc2.2 update from cobalt
- Subject: Re: [cobalt-security] local root exploit with glibc2.2 update from cobalt
- From: "Audric Leperdi" <aleperdi@xxxxxxxxxxxxx>
- Date: Thu, 11 Jan 2001 21:36:37 +0100
- Organization: Evolutiva SRL
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
One of my RAQ3i with these patches is OK (tested w admin and root)
NAME: RaQ3-All-Security Release 3.0.1-6750
NAME: RaQ3-All-Security Release 3.0.1-8008
NAME: RaQ3-All-Security Release 3.0.1-8061
NAME: RaQ3-All-Security Release 3.0.1-8148
NAME: RaQ3-All-Security Release 3.0.1-8164
NAME: RaQ3-All-Security Release 3.0.1-8577
NAME: RaQ3-All-System Release 3.0.1-6453
NAME: RaQ3-All-Security Release 3.0.1-6579
NAME: RaQ3-All-Security Release 3.0.1-6650
NAME: RaQ3-All-Security Release 3.0.1-6682
NAME: RaQ3-en-OSUpdate Release 3.0
NAME: RaQ3-en-System Release 3.0.6-6375
Another one with these patches is VULNERABLE if run from root
NAME: RaQ3-All-Security Release 3.0.1-6579
NAME: RaQ3-All-Security Release 3.0.1-6650
NAME: RaQ3-All-Security Release 3.0.1-6682
NAME: RaQ3-All-System Release 3.0.2-6449
NAME: RaQ3-en-OSUpdate Release 3.0
In both cases the vulnerability is not exploitable with admin or any other
telnet user.
If a regular telnet user ftp a binary version of traceroute and tries the
exploit using its own traceroute file it will get:
traceroute: icmp socket: Operation not permitted
Audric Leperdi