Re: Backport of the integer overflow in the brk system call
On Tue, Dec 02, 2003 at 08:47:10PM -0600, Steve Langasek wrote:
> On Wed, Dec 03, 2003 at 02:57:11AM +0100, Bernd Eckenfels wrote:
> > On Wed, Dec 03, 2003 at 10:54:24AM +1000, Andrew Pollock wrote:
> > > The only way to have avoided this kernel vulnerability from day-0 of
> > > discovery/fix release would have been to be constantly upgrading to
> > > pre-release kernels.
> > Yes but also the debian servers would not have been vulnerable if they had
> > used 2.4.23. At least not at that point in time.
> Um, what?
> Nov 19 17:00 Attacker logs into klecker with sniffed password
> Nov 19 17:08 Root-kit installed on klecker
> Nov 28 22:39 Linux 2.4.23 released
Bernd is correct, though - if the machines had been running 2.4.23, they
wouldn't have been vulnerable. The fact that it was impossible to do so
doesn't enter into the equation when you're working from blind assertions.