Hosting Provided By

Re: [DSA 1494-1] Still vulnerable?

From: Noah Meyerhans <noahm(at)debian.org>
Date: Wed Feb 13 2008 - 14:38:08 EST

On Wed, Feb 13, 2008 at 06:23:16PM -0200, Martin Spinassi wrote:
> > > I just upgraded my linux-source-2.6.18 to 2.6.18.dfsg.1-18etch1_all and
> > > build a new linux-image. But after installing an rebooting I still was
> > > able to become root with this exploit:
> > > http://milw0rm.com/exploits/5092
> > >
> > > Can anyone reproduce this?
> >
> > Not in our tests. Are you sure you're running the new kernel? What
> > does "uname -a" say?
> >
> > Has this machine been upgraded from sarge? Then you need to edit
> > /etc/kernel-img.conf to adjust the path to update-grub (or just use
> > "update-grub" without path).
> >
> I'm using stack kernel in debian etch, upgraded daily, and still vulnerable.
>
> $ uname -a
> Linux kr0sty 2.6.22-3-486 #1 Mon Nov 12 07:53:08 UTC 2007 i686 GNU/Linux

Eh? 2.6.22 isn't in etch at all. Etch includes 2.6.18.

noah

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


application/pgp-signature attachment: Digital signature

Received on Wed Feb 13 14:38:58 2008

This message: [ Message body ]
Next message: Martin Spinassi: "Re: [DSA 1494-1] Still vulnerable?"
Previous message: Martin Spinassi: "Re: [DSA 1494-1] Still vulnerable?"
In reply to: Martin Spinassi: "Re: [DSA 1494-1] Still vulnerable?"
Next in thread: Martin Spinassi: "Re: [DSA 1494-1] Still vulnerable?"
Reply: Martin Spinassi: "Re: [DSA 1494-1] Still vulnerable?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:51 EDT