[cad-linux] [OT] fwd: Debian security fix.

  • From: phrostie <pfrostie@xxxxxxxxx>
  • To: cad-linux@xxxxxxxxxxxxx
  • Date: Mon, 1 Dec 2003 13:41:18 -0800 (PST)

This is not CAD-related, but I know we have a number of Debian users on the
list.


> Forwarded info from debian security list:
> 
> ------------------------------------------------------------------------
> Debian Security Advisory DSA-403-1                   security@xxxxxxxxxx
> http://www.debian.org/security/                         Wichert Akkerman
> December  1, 2003
> ------------------------------------------------------------------------
> 
> 
> Package        : kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386,
>                  kernel-source-2.4.18
> Vulnerability  : userland can access full kernel memory
> Problem type   : local
> Debian-specific: no
> CVE Id(s)      : CAN-2003-0961
> 
> Recently multiple servers of the Debian project were compromised using a
> Debian developer's account and an unknown root exploit. Forensics
> revealed a burneye-encrypted exploit. Robert van der Meulen managed to
> decrypt the binary which revealed a kernel exploit. Study of the exploit
> by the RedHat and SuSE kernel and security teams quickly revealed that
> the exploit used an integer overflow in the brk system call. Using
> this bug it is possible for a userland program to trick the kernel into
> giving access to the full kernel address space. This problem was found
> in September by Andrew Morton, but unfortunately that was too late for
> the 2.4.22 kernel release.
> 
> This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and
> 2.6.0-test6 kernel tree. For Debian it has been fixed in version
> 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
> kernel images and version 2.4.18-11 of the alpha kernel images.
> 

=====
phrostie
Oh I have slipped the surly bonds of DOS
and danced the skies on Linux silvered wings.
http://pfrostie.freeservers.com/cad-tastrafy/