Linux kernel bug

Martin Siegert siegert at sfu.ca
Mon Jun 12 13:55:48 PDT 2000


Martin Siegert wrote:
> > Yesterday a bug was found (or made public on bugtraq) in the Linux
> > kernel (in all 2.2 versions up to and including 2.2.15) that allows
> > local users to gain root.

Greg Lindahl wrote:
> It does not. It just allows buffer overflow attacks to be as likely to
> succeed as other OSes. That was the most misleading CERT advisory I've ever
> read.

I'm not sure whether we are talking about the same thing: there hasn't been
a CERT advisory on this (yet).
Nevertheless, the bug is real, the exploits are published.
[see www.securityfocus.com -> Forums -> mailing lists -> bugtraq -> archive
 there are numerous articles on this starting Jun. 7 and several exploits]
I have tried one of the exploits myself (published by W. Purczynski on Jun. 9)
and it is trivial to gain root.

I'm afraid there is no alternative other than upgrading to 2.2.16

Cheers,
Martin




More information about the Beowulf mailing list