Hia, I found this just minutes ago on the openwall (http://www.openwall.com/linux/) website: October 18, 2001 Linux 2.2.19-ow3 fixes two Linux kernel vulnerabilities discovered by Rafal Wojtczuk. Please refer to the Owl changelog for information on the vulnerabilities and how they affect Owl. Of the two newly discovered vulnerabilities, Linux 2.0.39-ow3 is only affected by the DoS.
And on http://www.openwall.com/Owl/CHANGES.shtml: 2001/10/18 kernel SECURITY FIX Severity: low to high, local, active A new revision of the Openwall Linux kernel patch, 2.2.19-ow3, is now available. It contains fixes for two Linux kernel vulnerabilities discovered by Rafal Wojtczuk <nergal at owl.openwall.com> and is strongly recommended for use with Owl. One of the vulnerabilities affected SUID/SGID execution by processes being traced with ptrace(2). It was possible to trick the kernel into recognizing an unsuspecting SUID root program as the (privileged) tracer process. Then, if that program would execute a program supplied by the malicious user (with the user's credentials), the user's program would inherit the ability to trace. Fortunately, there's no program that would meet all of the requirements for this attack in the default Owl install. However, certain supported non-default configurations of Owl are affected. In particular, if newgrp(1) is made available to untrusted users (which is a supported owl-control setting) or certain third-party software which contains SUID root binaries is installed, the vulnerability may become exploitable and result in a local root compromise. The other vulnerability allowed for an effective local DoS attack by causing the kernel to spend an almost arbitrary amount of time on dereferencing a single symlink, without giving a chance for processes to run. Seems like another bug in the 2.2.19 kernel (not only with ow running). Could Sun/Cobalt people please look in to this and see if this is a problem? Met vriendelijke groet/With kind regards, Peter Batenburg ProServe B.V. Prisma 100 3364 DJ Sliedrecht Tel.: 0184 - 423 815 Fax: 0184 - 417 160 http://www.proserve.nl ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying the email and please remove the files from your computer. This footnote also confirms that this email message has been swept for the presence of computer viruses. ********************************************************************** _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
