Re: DSA-311-1 New kernel packages - Bug is not fixed!

To: debian-security@lists.debian.org
Subject: Re: DSA-311-1 New kernel packages - Bug is not fixed!
From: Nicolas Boullis <nboullis@debian.org>
Date: Mon, 9 Jun 2003 21:26:07 +0200
Message-id: <[🔎] 20030609192607.GA725@tintin>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 3EE4D117.4090309@gmx.de>
References: <[🔎] 3EE4D117.4090309@gmx.de>

Hi,

On Mon, Jun 09, 2003 at 08:25:27PM +0200, Helmar wrote:

> I just upgraded my kernel image from 2.4.18-k6 to 2.4.18-1-k6 and i
> cannot confirm that the above bug has been fixed. The simple exploit (i
> think it has been from bugtraq) is still working fine, giving every
> local user easily root privileges.
> 
> Could it be that this has only been fixed in more recent kernel versions
> or has there been some kind of error?
> 
> I hope this has been the right list to post on...
> Helmar++

Some exploits change the permissions and owner of the binary to user 
root, setuid. Are you sure this is not what happened to you?
(I just tried on my box, and the bug seems to be fixed.)


Regards,

Nicolas

Reply to:

References:
- DSA-311-1 New kernel packages - Bug is not fixed!
  - From: Helmar <helmar.wieland@gmx.de>

Prev by Date: Re: DSA-311-1 New kernel packages - Bug is not fixed!
Next by Date: Re: Default Apache install not fit for multiple domains/users
Previous by thread: Re: DSA-311-1 New kernel packages - Bug is not fixed!
Next by thread: strange broadcast packets
Index(es):
- Date
- Thread