Well this msg was recently posted to bugtraq, I don't know how many of you have seen it but I figure I may as well post it incase you haven't seen it.
http://www.kerneltrap.com/article.ph...thread&order=0
I tried to paste it all, but it was too long. :-[
That is the bug that was fixed by RedHat's 2.4.9-6 kernel update for RH 7.1 last week and the 2.4.9-7 kernel update to RH 7.2 today. The ptrace bug really isn't that serious. It was a local exploit, so an attacker must already have access to your system to exploit it.
Jim H
Getting a shell on a computer is often only half the battle. The ability to elevate user privilages is one of the more important things once on a computer. So the ptrace bug could affect a lot of computers. Although, any SetUID program can do harm essentially.
Good to hear RedHat is on top of things. Its to bad most people don't update their systems on a regular basis, or bugs like this wouldn't stay a problem for so long. Although I tried it out on the 2.4.5 kernel that was default with Slack 8 and it didn't work.
Do you know why RH 7.2 was shipped with 2.4.9 (or was it 2.4.7 ?? ) over 2.4.12 ? My guess would be that they were already working with 2.4.9 for too long before 2.4.12 came out, and it wouldn't have meshed with their release date?
RH 7.2 shipped with 2.4.7-10. RedHat rigorously tests their kernels before releasing them. When the cutoff date arrived for the 7.2 release a newer version probably wasn't ready. I suspect one reason for nothing newer then 2.4.9 is that something in kernel >=2.4.10 breaks the ability to convert ext2 partitions to ext3. I don't know exactly what change caused this, but this is what I heard.Do you know why RH 7.2 was shipped with 2.4.9 (or was it 2.4.7 ?? ) over 2.4.12 ? My guess would be that they were already working with 2.4.9 for too long before 2.4.12 came out, and it wouldn't have meshed with their release date?
Jim H
Posting Permissions
Reply With Quote
Bookmarks