Re: Exploit - what to do

To: Jerzy Wolinski <wolinski@poczta.onet.pl>
Cc: debian-security@lists.debian.org
Subject: Re: Exploit - what to do
From: Richard <ricv@denhaag.org>
Date: Wed, 18 Jul 2001 16:36:24 +0200 (MEST)
Message-id: <[🔎] Pine.LNX.4.21.0107181621450.32036-100000@gatekeeper.jane.org>
In-reply-to: <[🔎] 001d01c10f8f$7cb8a460$4f00a8c0@kompas.net.pl>

On Wed, 18 Jul 2001, Jerzy Wolinski wrote:

> I found some local root exploit (source and binary).
> I have run it on some test system. It works on Debian 2.2r2

Is it not decieving you like fakeroot does, are you not running the code
as a privileged user?

> From source I can see that it uses passwd program,
> but I have no knowlegde and no time to search how it
> really works. 
> On debian security alert pages I see nothing about passwd.
> What should I do?

Since you have no knowlegde and no time, little else but
to trust the debian security team.

[RicV]

Reply to:

Follow-Ups:
- Re: Exploit - what to do
  - From: David Ehle <ehle@iit.edu>

References:
- Exploit - what to do
  - From: "Jerzy Wolinski" <wolinski@poczta.onet.pl>

Prev by Date: Exploit - what to do
Next by Date: Re: Exploit - what to do
Previous by thread: Exploit - what to do
Next by thread: Re: Exploit - what to do
Index(es):
- Date
- Thread