Hosting Provided By

Re: [DSA 1494-1] Still vulnerable?

From: Florian Weimer <fw(at)deneb.enyo.de>
Date: Tue Feb 12 2008 - 14:03:41 EST

Jens Schüßler:

> I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and
> build a new linux-image. But after installing an rebooting I still was
> able to become root with this exploit:
> http://milw0rm.com/exploits/5092
>
> Can anyone reproduce this?

Not in our tests. Are you sure you're running the new kernel? What does "uname -a" say?

Has this machine been upgraded from sarge? Then you need to edit /etc/kernel-img.conf to adjust the path to update-grub (or just use "update-grub" without path). Received on Tue Feb 12 14:07:03 2008

This message: [ Message body ]
Next message: DuÅ¡an VejnoviÄ: "DSA-1494-1 linux-2.6 for vserver"
Previous message: Jens Schüßler: "[DSA 1494-1] Still vulnerable?"
In reply to: Jens Schüßler: "[DSA 1494-1] Still vulnerable?"
Next in thread: Jens Schüßler: "Re: [DSA 1494-1] Still vulnerable?"
Reply: Jens Schüßler: "Re: [DSA 1494-1] Still vulnerable?"
Reply: Martin Spinassi: "Re: [DSA 1494-1] Still vulnerable?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:45 EDT