Hosting Provided By

Re: [DSA 1494-1] Still vulnerable?

From: Stefan Fritsch <sf(at)sfritsch.de>
Date: Tue Feb 12 2008 - 15:50:28 EST

On Tuesday 12 February 2008, Jens Schüßler wrote:
> * Florian Weimer <fw@deneb.enyo.de> wrote:
> > * Jens Schüßler:
> > > I just upgraded my linux-source-2.6.18 to
> > > 2.6.18.dfsg.1-18etch1_all and build a new linux-image. But
> > > after installing an rebooting I still was able to become root
> > > with this exploit:
> > > http://milw0rm.com/exploits/5092

I checked that the fix is in the source tarball.

> $uname -a
> Linux algol 2.6.18+2008-02-12 #1 Tue Feb 12 16:49:10 CET 2008 i686
> GNU/Linux
>
> As I said, fresh compiled from the new sources-Packet

Only /usr/src/linux-source-2.6.18.tar.bz2 is in the source package. Maybe you forgot to extract it again, and used an old version you had already unpacked?

Stefan Received on Tue Feb 12 16:10:17 2008

This message: [ Message body ]
Next message: Michel Messerschmidt: "Re: [DSA 1494-1] Still vulnerable?"
Previous message: Florian Weimer: "Re: DSA-1494-1 linux-2.6 for vserver"
In reply to: Jens Schüßler: "Re: [DSA 1494-1] Still vulnerable?"
Next in thread: Michel Messerschmidt: "Re: [DSA 1494-1] Still vulnerable?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:48 EDT