Re: root compromise on debian woody

[Alexei Chetroi <alexei.chetroi@lexa.uniflux-line.net>]

On Thu, May 26, 2005 at 09:01:37PM -0400, Selva Nair wrote:
> Date: Thu, 26 May 2005 21:01:37 -0400
> From: Selva Nair <selva.nair@gmail.com>
> Subject: Re: root compromise on debian woody
> 
> On 5/26/05, Joey Hess <joeyh@debian.org> wrote:
> > Selva Nair wrote:
 [snip]
 
> > Well to choose one security hole at random out of dozens to hundreds
> > that remain unfixed in woody's kernels, this one allows anyone to go from
> > a normal user account to root:
> > 
> > CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
> >         - kernel-source-2.6.11 2.6.11 2.6.11-4
> >         - kernel-source-2.6.8 2.6.8-16
> >         - kernel-source-2.4.27 2.4.27-10
> > 
> 
> I built a new kernel from 2.4.30 sources and the exploit no more works.
> Hope this one is safer.
 
  Which kernel you used before on woody? Was it vanilla kernel from
kernel.org or Debian one? which version? IIRC 2.4.18 is supported by
security team for woody, so if the exploit works for debian's 2.4.18
kernel it is bad.


  Best wishes

--
Alexei Chetroi

Smile... Tomorrow will be worse. (c) Murphy's Law