Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments
On Thu, 2003-05-08 at 10:54, Oliver Hitz wrote:
> On 08 May 2003, Markus Kolb wrote:
>
> > There are patched Debian kernel images with version 2.4.18-7 by the
> > kernel-image maintainer Herbet Xu but not in official debian package
> > trees. Just don't know where to find Herbert's packages. Perhaps
> > someone can post the place!
>
> You can find patched kernel images and sources for woody in
> proposed-updates. Don't know if there is a more "official" place to
> find them.
>
> ftp://ftp.debian.org/debian/dists/woody-proposed-updates/
>
Sources are patched as of woody.2, according to this changes file[1],
but only woody.1 images are available[2], as far as I can tell. The
images at the second URL are still vulnerable:
Linux kmod + ptrace local root exploit by <anszom@v-lo.krakow.pl>
=> Simple mode, executing /usr/bin/id > /dev/tty
sizeof(shellcode)=95
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started..........
=> Child process started.+ 516
- 516 ok!
[1]http://ftp.debian.org/dists/proposed-updates/kernel-source-2.4.20_2.4.20-3woody.2_i386.changes
[2]http://ftp.debian.org/pool/main/k/kernel-image-2.4.20-i386/
- Jon
--
jon@tgpsolutions.com
Administrator, tgpsolutions
http://www.tgpsolutions.com
Reply to: