Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Florian Weimer
Roman Drahtmueller wrote: > The fact that security-relevant bugs get found and fixed in an open, > transparent and traceable way may be specific to Linux, yes. The changelog message was quite cryptic. This is not the first time something like this has happened. Most of the security professional

Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Paul Starzetz
On Tue, 2 Dec 2003, Florian Weimer wrote: > > The debian announcement only says that by the time that this bug was > > discovered, it was too late already for the 2.4.22 kernel release. > > Another cre^Wgroup of researchers publicly claimed that they had > discovered this issue and that their expl

Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Florian Weimer
Wojciech Purczynski wrote: > This is not an integer overflow bug. do_brk() doesn't verify its arguments > at all, allowing to create arbitrarily large virtual memory mapping (vma) > consuming kernel memory. At least this explains why it wasn't found by the Stanford checker tool. Thanks.

Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Wojciech Purczynski
> > Recently multiple servers of the Debian project were compromised using a > > Debian developers account and an unknown root exploit. Forensics > > revealed a burneye encrypted exploit. Robert van der Meulen managed to > > decrypt the binary which revealed a kernel exploit. Study of the exploit

Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Roman Drahtmueller
Hello Florian, > > > Recently multiple servers of the Debian project were compromised using a > > Debian developers account and an unknown root exploit. Forensics > > revealed a burneye encrypted exploit. Robert van der Meulen managed to > > decrypt the binary which revealed a kernel exploit. Stu

Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Cedric Blancher
On Mon 01/12/2003 at 23:58, Florian Weimer wrote: > Does this mean that the vendor-sec concept has failed, or that there is > a leak on that list? Or is this just an issue which is very specific to > Linux and its maintainer situation? This just means that vendors are using network and systems

Re: [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-01 Thread Florian Weimer
[EMAIL PROTECTED] wrote: > Recently multiple servers of the Debian project were compromised using a > Debian developers account and an unknown root exploit. Forensics > revealed a burneye encrypted exploit. Robert van der Meulen managed to > decrypt the binary which revealed a kernel exploit. Stud

[Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-01 Thread debian-security-announce
Debian Security Advisory DSA-403-1 [EMAIL PROTECTED] http://www.debian.org/security/ Wichert Akkerman December 1, 2003