This is not CAD related, but I know we have a number of Debian users on the list.

> Forwarded info from debian security list:
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-403-1                     security@xxxxxxxxxx
> http://www.debian.org/security/                           Wichert Akkerman
> December 1, 2003
> - ------------------------------------------------------------------------
>
>
> Package        : kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386,
>                  kernel-source-2.4.18
> Vulnerability  : userland can access full kernel memory
> Problem type   : local
> Debian-specific: no
> CVE Id(s)      : CAN-2003-0961
>
> Recently multiple servers of the Debian project were compromised using a
> Debian developers account and an unknown root exploit. Forensics
> revealed a burneye encrypted exploit. Robert van der Meulen managed to
> decrypt the binary which revealed a kernel exploit. Study of the exploit
> by the RedHat and SuSE kernel and security teams quickly revealed that
> the exploit used an integer overflow in the brk system call. Using
> this bug it is possible for a userland program to trick the kernel into
> giving access to the full kernel address space. This problem was found
> in September by Andrew Morton, but unfortunately that was too late for
> the 2.4.22 kernel release.
>
> This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and
> 2.6.0-test6 kernel tree. For Debian it has been fixed in version
> 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
> kernel images and version 2.4.18-11 of the alpha kernel images.
>

=====
phrostie
Oh I have slipped the surly bonds of DOS
and danced the skies on Linux silvered wings.
http://pfrostie.freeservers.com/cad-tastrafy/
//www.freelists.org/webpage/cad-linux
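
The bug class the advisory names, an integer overflow in a range check, shown as an added example that is not part of the original post or the advisory and is not the kernel's own code. It is a simplified user-space model: the 3 GiB limit (`USER_LIMIT`), the function names and the sample requests are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit i386 layout with user space ending at 3 GiB. */
#define USER_LIMIT 0xC0000000u

/* Naive check: addr + len is computed in 32 bits and can wrap past zero,
 * so a huge len makes the sum look small and the range is accepted. */
static int range_ok_naive(uint32_t addr, uint32_t len)
{
    return addr + len <= USER_LIMIT;
}

/* Overflow-safe check: compare without ever forming addr + len. */
static int range_ok_checked(uint32_t addr, uint32_t len)
{
    return len <= USER_LIMIT && addr <= USER_LIMIT - len;
}

/* Returns the number of constructed cases where the two checks disagree. */
static int count_disagreements(void)
{
    /* Constructed sample requests: {start address, length}. */
    static const uint32_t cases[][2] = {
        { 0x08050000u, 0x00001000u },  /* ordinary heap growth */
        { 0xBFFFF000u, 0x00001000u },  /* ends exactly at the limit */
        { 0xBFFFF000u, 0x00002000u },  /* crosses the limit, no wrap */
        { 0x08050000u, 0xF8000000u },  /* sum wraps around to 0x00050000 */
    };
    int n = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int a = range_ok_naive(cases[i][0], cases[i][1]);
        int b = range_ok_checked(cases[i][0], cases[i][1]);
        printf("addr=0x%08x len=0x%08x naive=%d checked=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1], a, b);
        if (a != b)
            n++;
    }
    return n;
}

int main(void)
{
    return count_disagreements() == 1 ? 0 : 1;
}
```

Only the last request separates the two checks: the naive form accepts it because the 32-bit sum wraps, while the checked form rejects it.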