Re: [DSA 1494-1] Still vulnerable?
On Tue, 2008-02-12 at 20:03 +0100, Florian Weimer wrote:
> * Jens Schüßler:
>
> > I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and
> > build a new linux-image. But after installing an rebooting I still was
> > able to become root with this exploit:
> > http://milw0rm.com/exploits/5092
> >
> > Can anyone reproduce this?
>
> Not in our tests. Are you sure you're running the new kernel? What
> does "uname -a" say?
>
> Has this machine been upgraded from sarge? Then you need to edit
> /etc/kernel-img.conf to adjust the path to update-grub (or just use
> "update-grub" without path).
>
I'm using stack kernel in debian etch, upgraded daily, and still vulnerable.
$ uname -a
Linux kr0sty 2.6.22-3-486 #1 Mon Nov 12 07:53:08 UTC 2007 i686 GNU/Linux
Reply to: