Re: [DSA 1494-1] Still vulnerable?

To: Jens Schüßler <jgs@trash.net>
Cc: debian-security@lists.debian.org
Subject: Re: [DSA 1494-1] Still vulnerable?
From: Stefan Fritsch <sf@sfritsch.de>
Date: Tue, 12 Feb 2008 21:50:28 +0100
Message-id: <[🔎] 200802122150.28825.sf@sfritsch.de>
In-reply-to: <[🔎] 20080212201830.GA5410@home.sge.kicks-ass.org>
References: <[🔎] 20080212180115.GA11150@home.sge.kicks-ass.org> <[🔎] 87lk5q3sky.fsf@mid.deneb.enyo.de> <[🔎] 20080212201830.GA5410@home.sge.kicks-ass.org>

On Tuesday 12 February 2008, Jens Schüßler wrote:
> * Florian Weimer <fw@deneb.enyo.de> wrote:
> > * Jens Schüßler:
> > > I just upgraded my linux-source-2.6.18 to
> > > 2.6.18.dfsg.1-18etch1_all and build a new linux-image. But
> > > after installing an rebooting I still was able to become root
> > > with this exploit:
> > > http://milw0rm.com/exploits/5092

I checked that the fix is in the source tarball.

> $uname -a
> Linux algol 2.6.18+2008-02-12 #1 Tue Feb 12 16:49:10 CET 2008 i686
> GNU/Linux
>
> As I said, fresh compiled from the new sources-Packet

Only /usr/src/linux-source-2.6.18.tar.bz2 is in the source package. 
Maybe you forgot to extract it again, and used an old version you had 
already unpacked?

Stefan

Reply to:

References:
- [DSA 1494-1] Still vulnerable?
  - From: Jens Schüßler <jgs@trash.net>
- Re: [DSA 1494-1] Still vulnerable?
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: [DSA 1494-1] Still vulnerable?
  - From: Jens Schüßler <jgs@trash.net>

Prev by Date: Re: DSA-1494-1 linux-2.6 for vserver
Next by Date: Re: [DSA 1494-1] Still vulnerable?
Previous by thread: Re: [DSA 1494-1] Still vulnerable?
Next by thread: Re: [DSA 1494-1] Still vulnerable?
Index(es):
- Date
- Thread