
From Fabio Bardella <fabio.bardella@dada.net>
Date Thu, 18 Oct 2001 22:36:38 +0200
Subject [HaCkmEeTiNg] anthrax alert



from bugtraq:

Flaws in recent Linux kernels
Date: Thu, 18 Oct 2001 17:35:40 +0000
From: nergal@7bulls.com (Rafal Wojtczuk)
 To: bugtraq@securityfocus.com

 Hello,
        There are two bugs present in Linux kernels 2.2.x, x<=19 and 2.4.y, 
y<=9. The first vulnerability results in local DoS. The second one,
involving ptrace, can be used to gain root privileges locally (in case of 
default install of most popular distributions). Linux 2.0.x is not vulnerable 
to the ptrace bug mentioned.

[....] in particular:

II. Root compromise by ptrace(3)
        In order for this flaw to be exploitable, /usr/bin/newgrp must be 
setuid root and world-executable. Additionally, newgrp, when run with no
arguments, should not prompt for password. These
conditions are satisfied in case of most popular Linux distributions

[..]



and this is BAD

bye

Lobo
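
A local audit for the preconditions quoted above, as an added example that is not part of the original post or the bugtraq advisory: it checks whether the kernel release falls in 2.2.x (x<=19) or 2.4.y (y<=9) and whether newgrp is setuid root and world-executable. The function names are hypothetical, and the third condition (newgrp not prompting for a password) is not tested.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the advisory.

# kernel_in_affected_range RELEASE -> 0 if 2.2.x (x<=19) or 2.4.y (y<=9)
kernel_in_affected_range() {
    ver=${1%%-*}                      # drop vendor suffix, e.g. "-10smp"
    case "$ver" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) return 2 ;;                # not a three-part release string
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}
    patch=${patch%%[!0-9]*}           # keep leading digits only
    case "$major.$minor" in
        2.2) [ "$patch" -le 19 ] ;;
        2.4) [ "$patch" -le 9 ] ;;
        *)   return 1 ;;              # 2.0.x and everything else: not listed
    esac
}

# perms_match MODE_STRING OWNER_UID -> 0 if setuid, owner uid 0, world-executable
perms_match() {
    case "$1" in
        ???[sS]?????[xt]*) [ "$2" -eq 0 ] ;;
        *) return 1 ;;
    esac
}

# newgrp_exposed PATH -> 0 if PATH is a setuid-root, world-executable file
newgrp_exposed() {
    [ -f "$1" ] || return 1
    set -- $(ls -ldn -- "$1")         # field 1 = mode string, field 3 = numeric owner
    perms_match "$1" "$3"
}

# audit RELEASE PATH -> prints a verdict; returns 1 when both conditions hold
audit() {
    if kernel_in_affected_range "$1" && newgrp_exposed "$2"; then
        echo "EXPOSED: kernel $1 is in the affected range and $2 is setuid root, world-executable"
        return 1
    fi
    echo "OK: the advisory's preconditions are not both present (kernel $1, $2)"
}

audit "$(uname -r)" /usr/bin/newgrp || true
```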

