On Sun, 15 Apr 2001, Adam Sculthorpe wrote:
>
> Have you posted this vulnerability to BUGTRAQ or any other sites?
>
> I am happy for you to have discovered a 'nice' new vulnerability but
without
> either the source code or a full disclosure of what is happening your post
> here is pretty useless.
>
> Adam
It's a kernel vun. I won't bother going into much detail, but I've been
working with Sun on a fix for just over a week now. owned.lab6.com
currently runs kernel 2.2.16C24_III - a test kernel - and appears to be
ok. It successfully patches the exploit.
I'd expect a patch to be available soon. It's fairly critical this one is
properly tested first, as replacing the RaQ kernel is something that could
go badly wrong if the patch wasn't 100% ok.
I'd just sit tight for now, Sun are working on it.
Regards,
Gossi.