Re: bf2.4 and the ptrace exploit

To: debian-user@lists.debian.org
Subject: Re: bf2.4 and the ptrace exploit
From: Andreas Janssen <andreas.janssen@bigfoot.com>
Date: Wed, 10 Sep 2003 02:11:19 +0200
Message-id: <[🔎] bjlq51$qae$1@sea.gmane.org>
References: <[🔎] 20030909190849.GA9179@192.168.0.5> <[🔎] bjld08$26a$1@sea.gmane.org> <[🔎] 200309091546.17026.markus@tekkno.net>

Hello

Markus Dejmek (<markus@tekkno.net>) wrote:

> The exploit still works with the latest 2.4.18-5woody4.
> I just tried it.
> 
> testserver:~# apt-cache policy kernel-image-2.4.18-bf2.4
> kernel-image-2.4.18-bf2.4:
>   Installed: 2.4.18-5woody4
>   Candidate: 2.4.18-5woody4
>   Version Table:
>  *** 2.4.18-5woody4 0
>         500 http://security.debian.org stable/updates/main Packages
>         100 /var/lib/dpkg/status
>      2.4.18-5 0
>         500 http://http.us.debian.org stable/main Packages

According to the Debian security team (DSA-311-1), this problem has been
fixed. From the DSA:
 CAN-2003-0127: The kernel module loader allows local users to gain
  root privileges by using ptrace to attach to a child process that is
  spawned by the kernel

The updated package was kernel-image-2.4.18-bf2.4_2.4.18-5woody1.If bug
really is still there in woody4 they should be informed.

best regards
        Andreas Janssen

-- 
Andreas Janssen
andreas.janssen@bigfoot.com
PGP-Key-ID: 0xDC801674
Registered Linux User #267976

Reply to:

References:
- bf2.4 and the ptrace exploit
  - From: "Jean-Michel besnard <jm-ml@tekkno.net>" <besnard@tekkno.net>
- Re: bf2.4 and the ptrace exploit
  - From: Andreas Janssen <andreas.janssen@bigfoot.com>
- Re: bf2.4 and the ptrace exploit
  - From: Markus Dejmek <markus@tekkno.net>

Prev by Date: Re: kernel recompile - correct syntax
Next by Date: Delivering was terminated! Virus detect!
Previous by thread: Re: bf2.4 and the ptrace exploit
Next by thread: Re: bf2.4 and the ptrace exploit
Index(es):
- Date
- Thread