Kernel root exploit en Debian?

To: debian-user-spanish@lists.debian.org
Subject: Kernel root exploit en Debian?
From: Roberto Meyer <rmeyer@idr.org.ar>
Date: 26 Oct 2001 11:10:49 -0300
Message-id: <[🔎] 1004105449.769.34.camel@upa>

Hola,

En http://linux.oreillynet.com/pub/a/linux/2001/10/22/insecurities.html
hablan de un root exploit [1] ya parchado en RedHat, Caldera y otros. 
Sin embargo no recibi aun un DSA al respecto.  Los que usamos potato con
2.2.19... como estamos?  Alguien sabe si ésto está solucionado?

Gracias,

--
Roberto

[1]
Some Linux kernels have vulnerabilities that can be exploited to gain
root access and be used in a denial-of-service attack. It is reported
that Linux kernels 2.2.19 and earlier in the 2.2.x series, and 2.4.9 and
earlier in the 2.4.x series, are vulnerable.

The vulnerability that can be used to gain root permissions is exploited
by ptrace and a set user id program. When it is exploited, arbitrary
code will be executed with root permissions. A script to automate the
exploit using the newgrp command has been released.

The denial-of-service attack is caused by making the kernel de-reference
multiple symbolic links. The Linux Kernel version 2.4.10 has a partial
fix for this vulnerability. A script has also been released that can be
used to automate the denial-of-service attack.

Reply to:

Follow-Ups:
- Re: Kernel root exploit en Debian?
  - From: Hue-Bond <hue@cyberchat2000.com>
- Re: Kernel root exploit en Debian?
  - From: Andres Seco Hernandez <AndresSH@alamin.org>

Prev by Date: Re: Se puede instalar debian en 800MB
Next by Date: Re: Programar html en consola
Previous by thread: Re: Kde2 en woody y Mosix
Next by thread: Re: Kernel root exploit en Debian?
Index(es):
- Date
- Thread