Re: root compromise on debian woody

To: debian-user@lists.debian.org
Subject: Re: root compromise on debian woody
From: Joey Hess <joeyh@debian.org>
Date: Fri, 27 May 2005 15:02:26 -0400
Message-id: <[🔎] 20050527190226.GB1285@kitenet.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 42971205.4080007@dyermaker.org>
References: <[🔎] 8752f596050526134936f40e67@mail.gmail.com> <[🔎] 20050526222805.GA23796@kitenet.net> <[🔎] 42971205.4080007@dyermaker.org>

Phil Dyer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Joey Hess said:
> 
> > Well to choose one security hole at random out of dozens to hundreds
> > that remain unfixed in woody's kernels, this one allows anyone to go from
> > a normal user account to root:
> > 
> > CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
> >         - kernel-source-2.6.11 2.6.11 2.6.11-4
> >         - kernel-source-2.6.8 2.6.8-16
> >         - kernel-source-2.4.27 2.4.27-10
> > 
> I'm a little confused on this. First, I don't see that 2.6.x or 2.4.27
> is available in woody - at least from the debian.org packages page for
> woody.

The listed kernel versions are for the debian kernel packages in
unstable (but targeted at sarge) that fix the particular hole I used as
an example.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- root compromise on debian woody
  - From: Selva Nair <selva.nair@gmail.com>
- Re: root compromise on debian woody
  - From: Joey Hess <joeyh@debian.org>
- Re: root compromise on debian woody
  - From: Phil Dyer <phil@dyermaker.org>

Prev by Date: Re: fsck on /dev/hde1 during boot,
Next by Date: Re: Avoiding make-kpkg clean, redux
Previous by thread: Re: root compromise on debian woody
Next by thread: mouse scroll wheel ZAxisMapping
Index(es):
- Date
- Thread