Package: kernel-source-2.6.7 Version: 2.6.7 A user with a local account can change the owner and the permissions of files in /proc. Affected is at least kernel 2.6.7, but possibly all 2.6.x kernels.
hydra proc $ cd /proc hydra proc $ ls -la config.gz -r--r--r-- 1 root root 6354 3. Jul 23:25 config.gz hydra proc $ chown joerg config.gz hydra proc $ ls -la config.gz -r--r--r-- 1 joerg root 6354 3. Jul 23:25 config.gz hydra proc $ chown root config.gz hydra proc $ ls -la config.gz -r--r--r-- 1 root root 6354 3. Jul 23:26 config.gz hydra proc $ chmod o+x config.gz hydra proc $ ls -la config.gz -r--r--r-x 1 root root 6354 3. Jul 23:46 config.gz hydra proc $ SuSE mentioned this bug in http://article.gmane.org/gmane.comp.security.bugtraq/12316, so there should be a patch around. J�rg -- Fachbegriffe der Informatik (Nr 369): Ursache - Urs�chlich war, dass Windows nicht neu gestartet wurde. Michael Scheer
