[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Problems with 2.2.19 kernel. Are cobaltkernels patched?
- Subject: Re: [cobalt-security] Problems with 2.2.19 kernel. Are cobaltkernels patched?
- From: "Kevin" <klists@xxxxxxxxxxx>
- Date: Fri, 19 Oct 2001 09:01:34 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
The default exploit supplied for this does NOT work on Cobalt RaQ3i's and
RaQ4r's due to /usr/bin/newgrp *NOT* being SUID root;
(RaQ4)
[kevin kevin]$ uname -a
Linux ns.darla.co.uk 2.2.16C28_III #1 Mon Jul 30 22:07:58 PDT 2001 i586
unknown
[kevin kevin]$ ls -al /usr/bin/newgrp
-rwx--x--x 1 root root 5780 Jun 20 2000 /usr/bin/newgrp
(RaQ3)
[kevin@devel test]$ uname -a
Linux devel.darla.co.uk 2.2.16C27_III #1 Thu Jun 14 17:21:17 PDT 2001 i586
unknown
[kevin@devel test]$ ls -al /usr/bin/newgrp
-rwx--x--x 1 root root 5576 Apr 17 1999 /usr/bin/newgrp
su doesn't ship
----- Original Message -----
From: "Jeff Lovell" <jlovell@xxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Thursday, October 18, 2001 11:33 PM
Subject: Re: [cobalt-security] Problems with 2.2.19 kernel. Are
cobaltkernels patched?
> On Thu, 2001-10-18 at 14:34, ProServe - Peter Batenburg wrote:
> >
> > I have to correct you there. It is a new bug, and not an old one.
openwall
> > is one of the best kernel dev. group when it comes to security. And this
> > has only been released today.
> > I think you should give it better study and revise your security
policy's.
> > Maybe you could check diff's and see what they have changed? Or check
with
> > kernel mailing lists?
>
> I apologize, I hadn't read my mail from Bugtraq as of yet. I have
> forwarded the details off the appropriate kernel maintainers here, and I
> will update any information that comes available.
>
> Jeff
>
> --
> Jeff Lovell
> Sun Microsystems Inc.
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>