Hello Markus Dejmek (<[EMAIL PROTECTED]>) wrote:
> The exploit still works with the latest 2.4.18-5woody4. > I just tried it. > > testserver:~# apt-cache policy kernel-image-2.4.18-bf2.4 > kernel-image-2.4.18-bf2.4: > Installed: 2.4.18-5woody4 > Candidate: 2.4.18-5woody4 > Version Table: > *** 2.4.18-5woody4 0 > 500 http://security.debian.org stable/updates/main Packages > 100 /var/lib/dpkg/status > 2.4.18-5 0 > 500 http://http.us.debian.org stable/main Packages According to the Debian security team (DSA-311-1), this problem has been fixed. From the DSA: CAN-2003-0127: The kernel module loader allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel The updated package was kernel-image-2.4.18-bf2.4_2.4.18-5woody1.If bug really is still there in woody4 they should be informed. best regards Andreas Janssen -- Andreas Janssen [EMAIL PROTECTED] PGP-Key-ID: 0xDC801674 Registered Linux User #267976 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
