Local Root Hole
I recently read on slashdot.com the following. xepsilon writes A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch. I am using debian kernel 2.4.18-586 Does this apply to me. If so I am a newbie and don't know exactly how to find the patch or even implement it. Please advise. Kris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Local Root Hole
-Original Message- From: Kris [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2003 3:50 PM To: Debian List Subject: Local Root Hole xepsilon writes A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch. I am using debian kernel 2.4.18-586 Does this apply to me. If so I am a newbie and don't know exactly how to find the patch or even implement it. Please advise. Kris Yes, this affects your kernel, assuming it is the stock Debian kernel. You can either download the kernel sources, patch it, and compile a new kernel yourself, or wait for the Debian team to release an updated kernel (if they haven't already). j. -- Jeremy L. Gaddis [EMAIL PROTECTED] http://www.gaddis.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Local Root Hole
xepsilon writes A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch. Yes, this affects u too. get the patch and then man patch to learn how to apply the patch. one thing though, the patch is applied to the source files and u would have to recompile the kernel after that. If u'r not scared of that, go ahead and upgrade. Sharninder Singh National Institute Of Management, Calcutta -- 'M.C.S.E - Minesweeper Consultant Solitaire Expert' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
