[lug] New root exploit for kernels prior to 2.4.12
John Hernandez
John.Hernandez at noaa.gov
Fri Oct 19 17:09:44 MDT 2001
The posting I read outlined two exploits, both local. First one involved a DoS possible with deep symlinks. The second was an SUID vulnerability which would possibly allow root access to local users under certain widespread default installations. Exploit code was provided for at least one of the two.
Nate Duehr wrote:
>
> I haven't had a chance to read this yet, but is this a remote exploit
> (network-based) or a local exploit?
>
> On Fri, Oct 19, 2001 at 11:55:47AM -0600, Scott A. Herod wrote:
> > Security focus has a note about a root exploit against kernels prior to
> > 2.4.12.
> >
> > http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
> >
> > Since they've also put up an exploit, I'd guess that it's once again
> > time to upgrade
> > the kernel.
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
> --
> Nate Duehr <nate at natetech.com>
>
> GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
> Public Key available upon request, or at wwwkeys.pgp.net and others.
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
--
- John Hernandez - Network Engineer - 303-497-6392 -
| National Oceanic and Atmospheric Administration |
| Mailstop R/OM12. 325 Broadway, Boulder, CO 80305 |
----------------------------------------------------
More information about the LUG
mailing list