On Mon, 9 Jun 2003, Helmar wrote: > I just upgraded my kernel image from 2.4.18-k6 to 2.4.18-1-k6 and i > cannot confirm that the above bug has been fixed. The simple exploit (i > think it has been from bugtraq) is still working fine, giving every > local user easily root privileges. >
take the setuid flag off the binary that was created from the code, and you'll find the exploit doesn't work anymore. the exploit sets itself setuid root when it is run on a vulnerable system. Mike
