Re: 2.4.24 fixes local root exploit in 2.4.23

To: debian-user@lists.debian.org
Subject: Re: 2.4.24 fixes local root exploit in 2.4.23
From: GCS <gcs@lsc.hu>
Date: Mon, 5 Jan 2004 21:05:52 +0100
Message-id: <[🔎] 20040105200552.GA6197@lsc.hu>
In-reply-to: <[🔎] 20040105182717.GC15548@mhelas.home>
References: <[🔎] 20040105180640.GA32304@comcast.net> <[🔎] 3FF9A8FE.4020701@yahoo.es> <[🔎] 20040105182717.GC15548@mhelas.home>

On Mon, Jan 05, 2004 at 07:27:17PM +0100, Martin Helas <mhelas@helas.net> wrote:
> > Don't forget that 2.2 and 2.6 kernels are also affected.  2.6 patches
> > are due shortly.
> There is already a patch for 2.6 [1] published by Linus, but there is no
> official patch yet.
> [1] http://marc.theaimsgroup.com/?l=linux-kernel&m=107332139413041&w=2
There's an other fix in 2.4.24:
<trini:mvista.com>:
  o /dev/rtc can leak parts of kernel memory to unpriviledged users

As I haven't seen Linus' patch then, I forward ported the 2.4.24 patch:
http://www.lsc.hu/2.6.0-security.patch
This contains the RTC fixes, but the mremap check is not so strict -
it's the original fix from 2.4.24.

Cheers,
GCS

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- 2.4.24 fixes local root exploit in 2.4.23
  - From: Nano Nano <40101.nospam@comcast.net>
- Re: 2.4.24 fixes local root exploit in 2.4.23
  - From: Roberto Sanchez <rcsanchez97@yahoo.es>
- Re: 2.4.24 fixes local root exploit in 2.4.23
  - From: Martin Helas <mhelas@helas.net>

Prev by Date: Re: ifconfig eth0 shows errors building
Next by Date: Re: fetchmail: lock creation failed
Previous by thread: Re: 2.4.24 fixes local root exploit in 2.4.23
Next by thread: Re: Problem with lxdialog (make menuconfig) and ncurses
Index(es):
- Date
- Thread