Re: [DSA 1494-1] Still vulnerable?

To: debian-security@lists.debian.org
Subject: Re: [DSA 1494-1] Still vulnerable?
From: Martin Spinassi <mylists@itcom.com.ar>
Date: Wed, 13 Feb 2008 18:23:16 -0200
Message-id: <[🔎] 1202934196.3701.21.camel@kr0sty.1.com.ar>
Reply-to: mylists@itcom.com.ar
In-reply-to: <[🔎] 87lk5q3sky.fsf@mid.deneb.enyo.de>
References: <[🔎] 20080212180115.GA11150@home.sge.kicks-ass.org> <[🔎] 87lk5q3sky.fsf@mid.deneb.enyo.de>

On Tue, 2008-02-12 at 20:03 +0100, Florian Weimer wrote:
> * Jens Schüßler:
> 
> > I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and
> > build a new linux-image. But after installing an rebooting I still was 
> > able to become root with this exploit:
> > http://milw0rm.com/exploits/5092
> >
> > Can anyone reproduce this?
> 
> Not in our tests.  Are you sure you're running the new kernel?  What
> does "uname -a" say?
> 
> Has this machine been upgraded from sarge?  Then you need to edit
> /etc/kernel-img.conf to adjust the path to update-grub (or just use
> "update-grub" without path).
> 
I'm using stack kernel in debian etch, upgraded daily, and still vulnerable.

$ uname -a
Linux kr0sty 2.6.22-3-486 #1 Mon Nov 12 07:53:08 UTC 2007 i686 GNU/Linux

Reply to:

Follow-Ups:
- Re: [DSA 1494-1] Still vulnerable?
  - From: Noah Meyerhans <noahm@debian.org>

References:
- [DSA 1494-1] Still vulnerable?
  - From: Jens Schüßler <jgs@trash.net>
- Re: [DSA 1494-1] Still vulnerable?
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: [SECURITY] [DSA 1496-1] New mplayer packages fix arbitrary code execution
Next by Date: Re: [DSA 1494-1] Still vulnerable?
Previous by thread: Re: [DSA 1494-1] Still vulnerable?
Next by thread: Re: [DSA 1494-1] Still vulnerable?
Index(es):
- Date
- Thread