Roman Drahtmueller wrote:
> The fact that security-relevant bugs get found and fixed in an open,
> transparent and traceable way may be specific to Linux, yes.
The changelog message was quite cryptic. This is not the first time
something like this has happened. Most of the security professional
On Tue, 2 Dec 2003, Florian Weimer wrote:
> > The debian announcement only says that by the time that this bug was
> > discovered, it was too late already for the 2.4.22 kernel release.
>
> Another cre^Wgroup of researchers publicly claimed that they had
> discovered this issue and that their expl
Wojciech Purczynski wrote:
> This is not an integer overflow bug. do_brk() doesn't verify its arguments
> at all, allowing the creation of an arbitrarily large virtual memory mapping (vma)
> consuming kernel memory.
At least this explains why it wasn't found by the Stanford checker tool.
Thanks.
> > Recently multiple servers of the Debian project were compromised using a
> > Debian developer's account and an unknown root exploit. Forensics
> > revealed a burneye encrypted exploit. Robert van der Meulen managed to
> > decrypt the binary which revealed a kernel exploit. Study of the exploit
Hello Florian,
>
> > Recently multiple servers of the Debian project were compromised using a
> > Debian developer's account and an unknown root exploit. Forensics
> > revealed a burneye encrypted exploit. Robert van der Meulen managed to
> > decrypt the binary which revealed a kernel exploit. Stu
On Mon 01/12/2003 at 23:58, Florian Weimer wrote:
> Does this mean that the vendor-sec concept has failed, or that there is
> a leak on that list? Or is this just an issue which is very specific to
> Linux and its maintainer situation?
This just means that vendors are using network and systems
[EMAIL PROTECTED] wrote:
> Recently multiple servers of the Debian project were compromised using a
> Debian developer's account and an unknown root exploit. Forensics
> revealed a burneye encrypted exploit. Robert van der Meulen managed to
> decrypt the binary which revealed a kernel exploit. Stud
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
Debian Security Advisory DSA-403-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Wichert Akkerman
December 1, 2003
- -