On Wed, Feb 13, 2008 at 06:23:16PM -0200, Martin Spinassi wrote: > > > I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and > > > build a new linux-image. But after installing an rebooting I still was > > > able to become root with this exploit: > > > http://milw0rm.com/exploits/5092 > > > > > > Can anyone reproduce this? > > > > Not in our tests. Are you sure you're running the new kernel? What > > does "uname -a" say? > > > > Has this machine been upgraded from sarge? Then you need to edit > > /etc/kernel-img.conf to adjust the path to update-grub (or just use > > "update-grub" without path). > > > I'm using stack kernel in debian etch, upgraded daily, and still vulnerable. > > $ uname -a > Linux kr0sty 2.6.22-3-486 #1 Mon Nov 12 07:53:08 UTC 2007 i686 GNU/Linux Eh? 2.6.22 isn't in etch at all. Etch includes 2.6.18. noah
Attachment:
signature.asc
Description: Digital signature