Re: [cobalt-security] Problems with 2.2.19 kernel. Are cobalt kernelspatched?

[ProServe - Peter Batenburg <peter@xxxxxxxxxxx>]

Read my other posts. You'll see that its not the same bug.

Met vriendelijke groet/With kind regards,

Peter Batenburg

ProServe B.V.
Prisma 100
3364 DJ Sliedrecht
Tel.: 0184 - 423 815
Fax: 0184 - 417 160
http://www.proserve.nl

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender by replying the email and please remove
the files from your computer.

This footnote also confirms that this email message has been swept
for the presence of computer viruses.
**********************************************************************

On Thu, 18 Oct 2001, Rev. wRy wrote:

> ProServe - Peter Batenburg wrote:
> >
> > Hi Jeff,
> >
> > I have to correct you there. It is a new bug, and not an old one. openwall
> > is one of the best kernel dev. group when it comes to security. And this
> > has only been released today.
>
> From:
> http://www.kb.cert.org/vuls/id/176888
>
> Date Public 03/26/2001
> Date First Published 07/18/2001 02:59:17 PM
> Date Last Updated 07/24/2001
> CERT Advisory
> CVE Name CVE-2001-0317
> Metric 9.70
> Document Revision 25
>
> This vulnerability exploits a race condition that allows an
> attacker to use ptrace, or similar function (procfs), to
> attach to and, thus, modify a running setuid process. This
> enables the attacker to execute arbitratry code with elevated (root)
> privilege.
>
> Starting to sound familiar?
>
> > Peter Batenburg
>
> HTH, HAND.
>