
[DSA 1494-1] Missing update for user-mode-linux (was: [SECURITY] [DSA 1494-1] New linux-2.6 packages fix privilege escalation)

From: Nicolas Boullis <nicolas.boullis(at)ecp.fr>
Date: Tue Feb 12 2008 - 10:09:00 EST


Hi,

The update for DSA 1494-1 lacks an update for the user-mode-linux package. Note that I tried the exploit found in the wild. It worked fine with the standard linux-image-2.6.18-6-686 kernel, but led to a crash both in my user-mode-linux virtual servers and with the linux-image-2.6.18-6-686-bigmem. I guess it is possible to adapt the exploit for those kernels, but I have not tried.

I tried to rebuild user-mode-linux, using the updated source. Using this new user-mode-linux kernel, the same exploit just fails, as it does on an up-to-date kernel.

I think this package deserves an official upgrade.

Cheers,

Nicolas

Received on Tue Feb 12 10:46:14 2008
