[DSA-311-1] New kernel packages - Bug not fixed!
----- From the security advisory 311-1:
Package : kernel
Vulnerability : several
Problem-Type : local, remote
CVE Ids : CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244
CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364
A number of vulnerabilities have been discovered in the Linux kernel.
- - CAN-2003-0127: The kernel module loader allows local users to gain
root privileges by using ptrace to attach to a child process that is
spawned by the kernel
----- End of excerpt.
I just upgraded my kernel image from 2.4.18-k6 to 2.4.18-1-k6 and i
cannot confirm that the above bug has been fixed. The simple exploit (i
think it has been from bugtraq) is still working fine, giving every
local user easily root privileges.
Could it be that this has only been fixed in more recent kernel versions
or has there been some kind of error?