The default exploit supplied for this does NOT work on Cobalt RaQ3i's and RaQ4r's due to /usr/bin/newgrp *NOT* being SUID root;
(RaQ4) [kevin kevin]$ uname -a Linux ns.darla.co.uk 2.2.16C28_III #1 Mon Jul 30 22:07:58 PDT 2001 i586 unknown [kevin kevin]$ ls -al /usr/bin/newgrp -rwx--x--x 1 root root 5780 Jun 20 2000 /usr/bin/newgrp (RaQ3) [kevin@devel test]$ uname -a Linux devel.darla.co.uk 2.2.16C27_III #1 Thu Jun 14 17:21:17 PDT 2001 i586 unknown [kevin@devel test]$ ls -al /usr/bin/newgrp -rwx--x--x 1 root root 5576 Apr 17 1999 /usr/bin/newgrp su doesn't ship ----- Original Message ----- From: "Jeff Lovell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 18, 2001 11:33 PM Subject: Re: [cobalt-security] Problems with 2.2.19 kernel. Are cobaltkernels patched? > On Thu, 2001-10-18 at 14:34, ProServe - Peter Batenburg wrote: > > > > I have to correct you there. It is a new bug, and not an old one. openwall > > is one of the best kernel dev. group when it comes to security. And this > > has only been released today. > > I think you should give it better study and revise your security policy's. > > Maybe you could check diff's and see what they have changed? Or check with > > kernel mailing lists? > > I apologize, I hadn't read my mail from Bugtraq as of yet. I have > forwarded the details off the appropriate kernel maintainers here, and I > will update any information that comes available. > > Jeff > > -- > Jeff Lovell > Sun Microsystems Inc. > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
