Linux kernel bug
Martin Siegert
siegert at sfu.ca
Mon Jun 12 13:55:48 PDT 2000
Martin Siegert wrote:
> > Yesterday a bug was found (or made public on bugtraq) in the Linux
> > kernel (in all 2.2 versions up to and including 2.2.15) that allows
> > local users to gain root.
Greg Lindahl wrote:
> It does not. It just allows buffer overflow attacks to be as likely to
> succeed as other OSes. That was the most misleading CERT advisory I've ever
> read.
I'm not sure whether we are talking about the same thing: there hasn't been
a CERT advisory on this (yet).
Nevertheless, the bug is real, the exploits are published.
[see www.securityfocus.com -> Forums -> mailing lists -> bugtraq -> archive
there are numerous articles on this starting Jun. 7 and several exploits]
I have tried one of the exploits myself (published by W. Purczynski on Jun. 9)
and it is trivial to gain root.
I'm afraid there is no alternative other than upgrading to 2.2.16
Cheers,
Martin
More information about the Beowulf
mailing list