Bug#378324: local root hole (race condition in /proc)
Package: kernel-image-2.6.8-3-686
Version: 2.6.8-16sarge3
Severity: critical
Tags: security
See: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html
Workaround is simple: mount /proc as nosuid
The linux-2.6 packages in unstable are not affected (since they don't include
a.out support).
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Versions of packages kernel-image-2.6.8-3-686 depends on:
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii initrd-tools 0.1.81.1 tools to create initrd image for p
ii module-init-tools 3.2-pre1-2 tools for managing Linux kernel mo
-- no debconf information
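
A check for the workaround above, as an added example that is not part of the original report: the function reads a mount table in /proc/mounts format and prints every proc mount that lacks nosuid. The sample tables are constructed, and the remount and fstab lines in the comments are the usual way to apply the option (an assumption, not commands taken from the report).

```shell
#!/bin/sh
# Added example: audit a mount table for proc mounts without nosuid.
# Input format (as in /proc/mounts): device mountpoint fstype options dump pass

# Reads a mount table on stdin and prints the mount point of every entry
# of type "proc" whose option list has no exact "nosuid" entry.
proc_without_nosuid() {
    awk '$3 == "proc" {
        n = split($4, opts, ",")
        found = 0
        for (i = 1; i <= n; i++) if (opts[i] == "nosuid") found = 1
        if (!found) print $2
    }'
}

# Constructed sample: two proc mounts (one inside a chroot), neither nosuid.
sample_unmitigated() {
    cat <<'EOF'
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
proc /proc proc rw 0 0
proc /var/chroot/proc proc rw,nodev 0 0
sysfs /sys sysfs rw 0 0
EOF
}

# Constructed sample: the same host after the workaround is applied.
sample_mitigated() {
    cat <<'EOF'
/dev/hda1 / ext3 rw,errors=remount-ro 0 0
proc /proc proc rw,nosuid 0 0
proc /var/chroot/proc proc rw,nosuid,nodev 0 0
sysfs /sys sysfs rw 0 0
EOF
}

# Demo on the constructed data. On a live host: proc_without_nosuid < /proc/mounts
for mp in $(sample_unmitigated | proc_without_nosuid); do
    echo "proc mounted without nosuid at $mp"
    # Apply at runtime (assumed standard mount usage):
    #   mount -o remount,nosuid "$mp"
    # Persist across reboots with an /etc/fstab entry such as:
    #   proc  /proc  proc  defaults,nosuid  0  0
done
```

Every proc mount needs the option, including ones bind-mounted or mounted separately inside chroots, which is why the check matches on filesystem type rather than on the path /proc.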