Re: Backport of the integer overflow in the brk system call

To: debian-devel@lists.debian.org
Subject: Re: Backport of the integer overflow in the brk system call
From: Frederik Dannemare <tux@sentinel.dk>
Date: Tue, 02 Dec 2003 00:45:11 +0100
Message-id: <[🔎] 3FCBD287.7090902@sentinel.dk>
In-reply-to: <[🔎] 3FCBCF99.3000907@sentinel.dk>
References: <[🔎] 3FCBCF99.3000907@sentinel.dk>

Frederik Dannemare wrote:

Hi everybody,
just curious: any particular reason why we didn't see a backport anysooner of the integer overflow in the brk system call (see recentannouncement by Wichert Akkerman:http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html)like we did with the ptrace issue some time back?
Wasn't it (the brk vuln) considered to be threatening enough to justifya quick fix, or was it because the fix by Andrew Morton didn't say(kerne changelog) enough about the potential seriousness of the vuln, or?

forgot to say: hat's off to the forensics guys. great work! I reallyappreciate that we now know what helped the attacker gain root.


--
B/R,
Frederik Dannemare

Reply to:

References:
- Backport of the integer overflow in the brk system call
  - From: Frederik Dannemare <tux@sentinel.dk>

Prev by Date: Backport of the integer overflow in the brk system call
Next by Date: Re: Revival of the signed debs discussion
Previous by thread: Backport of the integer overflow in the brk system call
Next by thread: Re: Backport of the integer overflow in the brk system call
Index(es):
- Date
- Thread