BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Serious vulnerability in 2.2 Kernels (fwd)

Subject: Serious vulnerability in 2.2 Kernels (fwd)
From: jfreeman at connix.com (Joshua S. Freeman)
Date: Thu, 29 Mar 2001 15:10:37 -0500 (EST)
In-reply-to: <Pine.LNX.4.21.0103291322230.24702-100000@martin.lowell.mclinux.com>

Derek,

my machine was owned a couple of weeks ago... 

I'm anxious to quickly upgrade to the newer kernel.  i've just printed
out the kernel how to, but it doesn't seem to address 2.2 kernels...

can you, or anyone else reading this, direct me somewhere where I can
begin the task of upgrading to 2.2.19?

I have to do this on two boxes running VA's version of piglet as well as 
a debian box...


TIA,

J.


On
Thu, 29 Mar 2001, Derek Martin wrote:

> 
> 
> There is a very serious security vulnerability in all Linux Kernel
> versions up to and including Linux 2.2.18.  This vulnerability can be
> exploited easily and trivially by running readily available exploit code
> against any SUID-root executable on the system to allow any local user the
> ability to gain root privileges.
> 
> Linux 2.2.19 was released this week, and is not vulnerable.  Also, all of
> the 2.4 series kernels are not vulnerable.  For more information about
> this vulnerability, see the following links:
> 
>   http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D171708%26end%3D2001-03-31%26
>   http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D171950%26end%3D2001-03-31%26
>   http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D172196%26end%3D2001-03-31%26
> 
> If you have users on your systems who should not have root privileges, you
> definitely need to upgrade your kernel today!
> 
> -- 
> Derek Martin
> Senior System Administrator
> Mission Critical Linux
> martin at MissionCriticalLinux.com 
> 
> 
> 
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
> 

         -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
           Joshua S. Freeman | preferred email: jfreeman at connix.com  
                   pgp public key: finger jfreeman at connix.com
                          http://www.threeofus.com
                 -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).

References:
- Serious vulnerability in 2.2 Kernels (fwd)
  - From: ddm at mclinux.com (Derek Martin)

Prev by Date: Help... I've been hacked!
Next by Date: Serious vulnerability in 2.2 Kernels (fwd)
Previous by thread: Serious vulnerability in 2.2 Kernels (fwd)
Next by thread: Serious vulnerability in 2.2 Kernels (fwd)
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org