Re: DSA-311-1 New kernel packages - Bug is not fixed!

To: Helmar <helmar.wieland@gmx.de>
Cc: <debian-security@lists.debian.org>
Subject: Re: DSA-311-1 New kernel packages - Bug is not fixed!
From: Mike Dresser <mdresser_l@windsormachine.com>
Date: Mon, 9 Jun 2003 15:07:32 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.33.0306091505360.22195-100000@router.windsormachine.com>
In-reply-to: <[🔎] 3EE4D117.4090309@gmx.de>

On Mon, 9 Jun 2003, Helmar wrote:

> I just upgraded my kernel image from 2.4.18-k6 to 2.4.18-1-k6 and i
> cannot confirm that the above bug has been fixed. The simple exploit (i
> think it has been from bugtraq) is still working fine, giving every
> local user easily root privileges.
>

take the setuid flag off the binary that was created from the code, and
you'll find the exploit doesn't work anymore.  the exploit sets itself
setuid root when it is run on a vulnerable system.

Mike

Reply to:

References:
- DSA-311-1 New kernel packages - Bug is not fixed!
  - From: Helmar <helmar.wieland@gmx.de>

Prev by Date: Re: DSA-311-1 New kernel packages - Bug is not fixed!
Next by Date: Re: DSA-311-1 New kernel packages - Bug is not fixed!
Previous by thread: Re: DSA-311-1 New kernel packages - Bug is not fixed!
Next by thread: Re: DSA-311-1 New kernel packages - Bug is not fixed!
Index(es):
- Date
- Thread