[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Problems with 2.2.19 kernel. Are cobalt kernelspatched?
- Subject: Re: [cobalt-security] Problems with 2.2.19 kernel. Are cobalt kernelspatched?
- From: "Rev. wRy" <slot0k@xxxxxxxxx>
- Date: Thu, 18 Oct 2001 17:13:00 -0500
- Organization: United Cretins, LLC
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
ProServe - Peter Batenburg wrote:
>
> Hi Jeff,
>
> I have to correct you there. It is a new bug, and not an old one. openwall
> is one of the best kernel dev. group when it comes to security. And this
> has only been released today.
From:
http://www.kb.cert.org/vuls/id/176888
Date Public 03/26/2001
Date First Published 07/18/2001 02:59:17 PM
Date Last Updated 07/24/2001
CERT Advisory
CVE Name CVE-2001-0317
Metric 9.70
Document Revision 25
This vulnerability exploits a race condition that allows an
attacker to use ptrace, or similar function (procfs), to
attach to and, thus, modify a running setuid process. This
enables the attacker to execute arbitratry code with elevated (root)
privilege.
Starting to sound familiar?
> Peter Batenburg
HTH, HAND.
Rev. wRy
--
Remember, the best magic tricks are always the ones that other
people will hurt themselves trying to do. That, to me, is the
real magic. - Rev. Syd Midnight