|
Click to See Complete Forum and Search --> : BAD KERNEL BUG - SECURITY HOLE berb 10-19-2001, 12:41 PM in 2.2.x - 2.4.12 (not a typo) there are 2 bugs that 1)can cause a local DoS and 2)grant privliage elevation to local users. Patch 'em boyos- This Link for Info (http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21) Strike 10-19-2001, 01:21 PM From your link: 2.4.12 kernel fixes both presented problems. So, 2.4.12 is not affected by this. Choozo 10-19-2001, 01:28 PM It's 2.2.x -> 2.4.10 (included) spickus 10-19-2001, 08:46 PM The local root exploit does NOT work on Slackware. When newgrp is run with no parameters, as described here: http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21 it DOES prompt for a password. The article mentions using "su". Does this mean that Slack is vunerable to this exploit by using su ? Golden_Eternity 10-21-2001, 03:19 PM Yes, Slack is affected. Time to upgrade your kernel. Eroberer 10-21-2001, 03:51 PM How many years did it take to discover this? What is su? r0nster 10-21-2001, 05:26 PM Originally posted by Eroberer: <STRONG>*snip* What is su?</STRONG> su = substitute user, or switch user. Most of the time, su is used by a user (like the owner of said computer) to gain root privileges to install packages, do some sys admin stuff, etc. bdg1983 10-21-2001, 06:15 PM man su justlinux.com
Copyright Internet.com Inc. All Rights Reserved. |
|