[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Backport of the integer overflow in the brk system call

Frederik Dannemare wrote:
Hi everybody,

just curious: any particular reason why we didn't see a backport any sooner of the integer overflow in the brk system call (see recent announcement by Wichert Akkerman: http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html) like we did with the ptrace issue some time back?

Wasn't it (the brk vuln) considered to be threatening enough to justify a quick fix, or was it because the fix by Andrew Morton didn't say (kerne changelog) enough about the potential seriousness of the vuln, or?

forgot to say: hat's off to the forensics guys. great work! I really appreciate that we now know what helped the attacker gain root.

Frederik Dannemare

Reply to: