Once you've run that exploit once it sets itself as setuid=root check for that will you? :)
if that's the case, recompile & reexecute thanks, andy On Monday 09 June 2003 20:25, Helmar wrote: > ----- From the security advisory 311-1: > > Package : kernel > Vulnerability : several > Problem-Type : local, remote > Debian-specific: no > CVE Ids : CVE-2002-0429 CAN-2003-0001 CAN-2003-0127 CAN-2003-0244 > CAN-2003-0246 CAN-2003-0247 CAN-2003-0248 CAN-2003-0364 > > A number of vulnerabilities have been discovered in the Linux kernel. > > [...] > > - - CAN-2003-0127: The kernel module loader allows local users to gain > root privileges by using ptrace to attach to a child process that is > spawned by the kernel > > [...] > > ----- End of excerpt. > > I just upgraded my kernel image from 2.4.18-k6 to 2.4.18-1-k6 and i > cannot confirm that the above bug has been fixed. The simple exploit (i > think it has been from bugtraq) is still working fine, giving every > local user easily root privileges. > > Could it be that this has only been fixed in more recent kernel versions > or has there been some kind of error? > > I hope this has been the right list to post on... > Helmar++ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]