[gentoo-user] Cron and Local Root Vuln

[gentoo-user] Cron and Local Root Vuln

[Ow Mun Heng]

There was a disclosure in bugtraq/full-disclosure on this issue.
Main thread is here
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047831.html

Workround is here
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047868.html

Proof of concept is here
http://www.milw0rm.com/exploits/2006

This is on a GentooLInux Box 2.6.16-suspend2-r1 kernel.

-- 
Ow Mun Heng <Ow.Mun.Heng@wdc.com>

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Cron and Local Root Vuln

[kashani]

Ow Mun Heng wrote:
> There was a disclosure in bugtraq/full-disclosure on this issue.
> Main thread is here
> http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047831.html
> 
> Workround is here
> http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047868.html
> 
> Proof of concept is here
> http://www.milw0rm.com/exploits/2006
> 
> This is on a GentooLInux Box 2.6.16-suspend2-r1 kernel.
> 

updating to gentoo sources 2.6.16-r12 (2.6.16.24) or 2.6.17-r2 
(2.6.17.4) also fixes it. genpatch-2.6.16-14 is the important file if 
you're using other sources and the ebuild for 
suspend2-sources-2.6.16-r11 includes it.

kashani
-- 
gentoo-user@gentoo.org mailing list