
[DSA-311-1] New kernel packages - Bug not fixed!



----- From the security advisory 311-1:

Package        : kernel
Vulnerability  : several
Problem-Type   : local, remote
Debian-specific: no
CVE Ids : CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364

A number of vulnerabilities have been discovered in the Linux kernel.

[...]

- - CAN-2003-0127: The kernel module loader allows local users to gain
  root privileges by using ptrace to attach to a child process that is
  spawned by the kernel

[...]

----- End of excerpt.

I just upgraded my kernel image from 2.4.18-k6 to 2.4.18-1-k6 and I cannot confirm that the above bug has been fixed. The simple exploit (I think it has been from Bugtraq) is still working fine, giving every local user easily root privileges.

Could it be that this has only been fixed in more recent kernel versions or has there been some kind of error?

bye
Helmar++


