Serious vulnerability in 2.2 Kernels (fwd)

Derek Martin ddm at mclinux.com
Thu Mar 29 13:24:33 EST 2001



There is a very serious security vulnerability in all Linux Kernel
versions up to and including Linux 2.2.18.  This vulnerability can be
exploited easily and trivially by running readily available exploit code
against any SUID-root executable on the system to allow any local user the
ability to gain root privileges.

Linux 2.2.19 was released this week, and is not vulnerable.  Also, all of
the 2.4 series kernels are not vulnerable.  For more information about
this vulnerability, see the following links:

  http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D171708%26end%3D2001-03-31%26
  http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D171950%26end%3D2001-03-31%26
  http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D172196%26end%3D2001-03-31%26

If you have users on your systems who should not have root privileges, you
definitely need to upgrade your kernel today!

-- 
Derek Martin
Senior System Administrator
Mission Critical Linux
martin at MissionCriticalLinux.com 


