[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] NEW local exploit

Subject: Re: [cobalt-security] NEW local exploit
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
Date: Mon, 16 Apr 2001 10:13:04 +0100 (BST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

2.2.16C24 includes the security fix, manually edited into the code.

You can find the current Cobalt build at;
ftp://ftp.cobaltnet.com/pub/users/thockin/kernels/

Important disclaimer; apply at own risk.

For a RaQ 3, you need to download the following files;

kernel-2.2.16C24_III-1.i386.rpm
kernel-headers-2.2.16C24_III-1.i386.rpm
kernel-reiserfs-utils-2.2.16C24_III-1.i386.rpm
kernel-source-2.2.16C24_III-1.i386.rpm

I'm not sure on the status of patches for RaQ4's (or older RaQs).

Cobalt's FTP server appears to be down (at least, from what I can see), so
I've copied the files to;

http://owned.lab6.com/~gossi/RaQ-security/files

md5sum's of files;

cfd397526dbb685df890800315a15d31  kernel-2.2.16C24_III-1.i386.rpm
6c828271e54f1ed3b9df3e68a9706df2  kernel-headers-2.2.16C24_III-1.i386.rpm
fc691c8fb5b2ddcc211d331d12758e30
kernel-reiserfs-utils-2.2.16C24_III-1.i386.rpm
c3bf2ebc69845985c74df9392a19798c  kernel-source-2.2.16C24_III-1.i386.rpm

Again, to reiterate these aren't final Cobalt patches, and as such you
can't get support if applying them kills the RaQ.  Having said that, my
RaQ3 has remained stable since applying the RPM.

Regards,
Gossi The Dog.



On Sun, 15 Apr 2001, Peter Batenburg wrote:

> The last thing i heard was, that 2.2.19 is not vuln. So i wonder if you got
> all the bugs outof 2.2.16.
> If you can make that kernel public, i can test it for you on several RaQ's.
> In what period would you expect sun having a fix/patch?
>
> At 16:09 15-4-2001 +0100, you wrote:
> >On Sun, 15 Apr 2001, Adam Sculthorpe wrote:
> >
> > >
> > > Have you posted this vulnerability to BUGTRAQ or any other sites?
> > >
> > > I am happy for you to have discovered a 'nice' new vulnerability but
> > without
> > > either the source code or a full disclosure of what is happening your post
> > > here is pretty useless.
> > >
> > > Adam
> >
> >It's a kernel vun.  I won't bother going into much detail, but I've been
> >working with Sun on a fix for just over a week now.  owned.lab6.com
> >currently runs kernel 2.2.16C24_III - a test kernel - and appears to be
> >ok.  It successfully patches the exploit.
> >
> >I'd expect a patch to be available soon.  It's fairly critical this one is
> >properly tested first, as replacing the RaQ kernel is something that could
> >go badly wrong if the patch wasn't 100% ok.
> >
> >I'd just sit tight for now, Sun are working on it.
> >
> >Regards,
> >Gossi.
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

Follow-Ups:
- Re: [cobalt-security] NEW local exploit
  - From: Peter Batenburg

References:
- Re: [cobalt-security] NEW local exploit
  - From: Peter Batenburg

Prev by Date: RE: [cobalt-security] NEW local exploit
Next by Date: Re: [cobalt-security] NEW local exploit
Previous by thread: Re: [cobalt-security] NEW local exploit
Next by thread: Re: [cobalt-security] NEW local exploit

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index