[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] NEW local exploit

Subject: Re: [cobalt-security] NEW local exploit
From: Peter Batenburg <peter@xxxxxxxxxx>
Date: Sun, 15 Apr 2001 18:56:27 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

The last thing i heard was, that 2.2.19 is not vuln. So i wonder if you gotall the bugs outof 2.2.16.

If you can make that kernel public, i can test it for you on several RaQ's.
In what period would you expect sun having a fix/patch?

At 16:09 15-4-2001 +0100, you wrote:

On Sun, 15 Apr 2001, Adam Sculthorpe wrote:

>
> Have you posted this vulnerability to BUGTRAQ or any other sites?
>

> I am happy for you to have discovered a 'nice' new vulnerability butwithout

> either the source code or a full disclosure of what is happening your post
> here is pretty useless.
>
> Adam

It's a kernel vun.  I won't bother going into much detail, but I've been
working with Sun on a fix for just over a week now.  owned.lab6.com
currently runs kernel 2.2.16C24_III - a test kernel - and appears to be
ok.  It successfully patches the exploit.

I'd expect a patch to be available soon.  It's fairly critical this one is
properly tested first, as replacing the RaQ kernel is something that could
go badly wrong if the patch wasn't 100% ok.

I'd just sit tight for now, Sun are working on it.

Regards,
Gossi.

Follow-Ups:
- Re: [cobalt-security] NEW local exploit
  - From: Gossi The Dog

References:
- Re: [cobalt-security] NEW local exploit
  - From: Adam Sculthorpe
- Re: [cobalt-security] NEW local exploit
  - From: Gossi The Dog

Prev by Date: RE: [cobalt-security] NEW local exploit
Next by Date: RE: [cobalt-security] NEW local exploit
Previous by thread: Re: [cobalt-security] NEW local exploit
Next by thread: Re: [cobalt-security] NEW local exploit

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index