DoS and Root Compromise Kernel Bug?

Jeremy Andrews (jeremy@kerneltrap.com)
Fri, 19 Oct 2001 14:08:53 -0400


Hello,

Yesterday Rafal Wojtczuk posted to BugTraq regarding two kernel bugs:

http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21

I'm curious to understand more about these bugs. I.E., are they real? And,
are they fixed in 2.4.12 as claimed? How about in the -ac series?

The first kernel bug is regarding symbolic links. Rafal says it is partially
fixed in 2.4.10, and completely fixed in 2.4.12. This bug allows for a local
user to carry out a Denial of Service attack.

The second bug allows for a root compromise via ptrace. The requirements are
that /usr/bin/newgrp be suid root (as in my RedHat 7.0 server), and that newgrp
not prompt for a password when run without arguments (again, as is the case with
my RedHat 7.0 server). Rafal says the attack only appears to work on Linux.

Thanks,
-Jeremy

--
 Jeremy Andrews    <mailto:jeremy@kerneltrap.com>
 PGP Key ID: 8F8B617A  http://www.kerneltrap.com/