Re: Backport of the integer overflow in the brk system call
Frederik Dannemare wrote:
Hi everybody,
just curious: any particular reason why we didn't see a backport any
sooner of the integer overflow in the brk system call (see recent
announcement by Wichert Akkerman:
http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html)
like we did with the ptrace issue some time back?
Wasn't it (the brk vuln) considered to be threatening enough to justify
a quick fix, or was it because the fix by Andrew Morton didn't say
(kernel changelog) enough about the potential seriousness of the vuln, or?
Forgot to say: hats off to the forensics guys. Great work! I really
appreciate that we now know what helped the attacker gain root.
--
B/R,
Frederik Dannemare