[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] NEW local exploit
- Subject: Re: [cobalt-security] NEW local exploit
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Sun, 15 Apr 2001 16:09:50 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sun, 15 Apr 2001, Adam Sculthorpe wrote:
>
> Have you posted this vulnerability to BUGTRAQ or any other sites?
>
> I am happy for you to have discovered a 'nice' new vulnerability but without
> either the source code or a full disclosure of what is happening your post
> here is pretty useless.
>
> Adam
It's a kernel vun. I won't bother going into much detail, but I've been
working with Sun on a fix for just over a week now. owned.lab6.com
currently runs kernel 2.2.16C24_III - a test kernel - and appears to be
ok. It successfully patches the exploit.
I'd expect a patch to be available soon. It's fairly critical this one is
properly tested first, as replacing the RaQ kernel is something that could
go badly wrong if the patch wasn't 100% ok.
I'd just sit tight for now, Sun are working on it.
Regards,
Gossi.