Re: Kernel Vulnerabilities

To: debian-security@lists.debian.org
Subject: Re: Kernel Vulnerabilities
From: Christophe Chisogne <christophe@publicityweb.com>
Date: Thu, 30 Dec 2004 11:16:05 +0100
Message-id: <[🔎] 41D3D565.9030401@publicityweb.com>
In-reply-to: <20041114020336.GA6865@hexstream>
References: <20041114004100.57896.qmail@web50409.mail.yahoo.com> <20041114020336.GA6865@hexstream>

David Ramsden a écrit :

On Sat, Nov 13, 2004 at 04:41:00PM -0800, peace bwitchu wrote:

http://securitytracker.com/alerts/2004/Nov/1012165.html


PoC for the first one is at:
http://www.k-otik.com/exploits/20041111.elfdump.c.php

There is a reference in the changelog for 2.4.28-rc3:
   "binfmt_elf: handle partial reads gracefully"


Fixed by debian patch 097-elf_loader_overflow-1.diff.bz2, which is
included in kernel-source-2.4.27-6 (and corresp. kernel-image debs).

Cfr "Fix multiple vulnerablilities in the ELF loader. (Simon Horman)"
in 2.4.27-6 kernel-source changelog
http://packages.debian.org/changelogs/pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-6/changelog

Christophe

Reply to:

Prev by Date: Re: rm files owned by root?
Next by Date: Re: Missing security fixes for Woody kernel
Previous by thread: Re: rm files owned by root?
Next by thread: Re: Missing security fixes for Woody kernel
Index(es):
- Date
- Thread