[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability

Subject: Re: [cobalt-security] RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Wed, 18 Dec 2002 11:32:28 +0100
Organization: SOLARSPEED.NET
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> > Implication: Well, don't allow shell access to your servers and if you
> > do, then make sure that people can't compile code on the server.
>
> well, that goes without saying. what about cgi though?

With cgi you'd still need to compile the code on the server - or you'd have to 
bring it aboard pre-compiled on a matching architecture. There are always 
ways <shrug>.

> did you try the patch, btw?

No, I didn't test it as I haven't built a custom kernel on a RaQ for quite 
some time. The approach of plugging the vulnerability with a loadable kernel 
module looks interesting, though. 

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer

References:
- Re: [cobalt-security] RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
  - From: Jaana Jarve

Prev by Date: Re: [cobalt-security] RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
Next by Date: [cobalt-security] CERT® Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations
Previous by thread: Re: [cobalt-security] RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
Next by thread: RE: [cobalt-security] RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index