Debian attacker may have used new exploit

Jason Shein jason-gaRZxGPHtpBxZtjKW1aY+1aTQe2KTcn/ at
Tue Dec 2 16:59:08 UTC 2003

In the security alert I recived yesterday from Mandrake Security

  Package name:           kernel
  Advisory ID:            MDKSA-2003:110
  Date:                   December 1st, 2003

  Affected versions:	 9.0, 9.1, Corporate Server 2.1,
			 Multi Network Firewall 8.2

  Problem Description:

  A vulnerability was discovered in the Linux kernel versions 2.4.22 and
  previous.  A flaw in bounds checking in the do_brk() function can
  allow a local attacker to gain root privileges.  This vulnerability is
  known to be exploitable; an exploit is in the wild at this time.

  The Mandrake Linux 9.2 kernels are not vulnerable to this problem as
  the fix for it is already present in those kernels.

  MandrakeSoft encourages all users to upgrade their systems immediately.

Robert Brockway wrote:
> On Tue, 2 Dec 2003, JoeHill wrote:
>>What confuses me, is that my default install of MDK 9.2 shows kernel version:
>>But MDK says 9.2 is safe.
>>Can someone clarify this for me?
> It is very common for distributions to patch their own kernels seperately
> to the main tree.  This way they ensure minimalist changes to their kernel
> and also keep whatever customisation or optimisations they have previously
> incorporated.
> So when upgrading to avoid an exploit like this, either go for a vanilla
> kernel which is known to be fixed (2.4.23 in this case) _or_ whatever
> version your distro maintainers advise is safe.
> Rob

" Eventually people tire of repairing broken Windows,
        And decide to replace them with something stronger"
//\        Linux - The Choice Of A GNU Generation
V_/_                     Jason Shein
       		Linux Registered User #281100

The Toronto Linux Users Group.      Meetings:
TLUG requests: Linux topics, No HTML, wrap text below 80 columns

More information about the Legacy mailing list