Debian attacker may have used new exploit
jason-gaRZxGPHtpBxZtjKW1aY+1aTQe2KTcn/ at public.gmane.org
Tue Dec 2 16:59:08 UTC 2003
In the security alert I recived yesterday from Mandrake Security
Package name: kernel
Advisory ID: MDKSA-2003:110
Date: December 1st, 2003
Affected versions: 9.0, 9.1, Corporate Server 2.1,
Multi Network Firewall 8.2
A vulnerability was discovered in the Linux kernel versions 2.4.22 and
previous. A flaw in bounds checking in the do_brk() function can
allow a local attacker to gain root privileges. This vulnerability is
known to be exploitable; an exploit is in the wild at this time.
The Mandrake Linux 9.2 kernels are not vulnerable to this problem as
the fix for it is already present in those kernels.
MandrakeSoft encourages all users to upgrade their systems immediately.
Robert Brockway wrote:
> On Tue, 2 Dec 2003, JoeHill wrote:
>>What confuses me, is that my default install of MDK 9.2 shows kernel version:
>>But MDK says 9.2 is safe.
>>Can someone clarify this for me?
> It is very common for distributions to patch their own kernels seperately
> to the main tree. This way they ensure minimalist changes to their kernel
> and also keep whatever customisation or optimisations they have previously
> So when upgrading to avoid an exploit like this, either go for a vanilla
> kernel which is known to be fixed (2.4.23 in this case) _or_ whatever
> version your distro maintainers advise is safe.
" Eventually people tire of repairing broken Windows,
And decide to replace them with something stronger"
//\ Linux - The Choice Of A GNU Generation
V_/_ Jason Shein
Linux Registered User #281100
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy