Re: Serious vulnerability in 2.2 Kernels (fwd)

Thu, 29 Mar 2001 15:49:57 -0500 

Derek,

my machine was owned a couple of weeks ago... 

I'm anxious to quickly upgrade to the newer kernel.  i've just printed
out the kernel how to, but it doesn't seem to address 2.2 kernels...

can you, or anyone else reading this, direct me somewhere where I can
begin the task of upgrading to 2.2.19?

I have to do this on two boxes running VA's version of piglet as well as 
a debian box...


TIA,

J.


On
Thu, 29 Mar 2001, Derek Martin wrote:

> 
> 
> There is a very serious security vulnerability in all Linux Kernel
> versions up to and including Linux 2.2.18.  This vulnerability can be
> exploited easily and trivially by running readily available exploit code
> against any SUID-root executable on the system to allow any local user the
> ability to gain root privileges.
> 
> Linux 2.2.19 was released this week, and is not vulnerable.  Also, all of
> the 2.4 series kernels are not vulnerable.  For more information about
> this vulnerability, see the following links:
> 
>   
>http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D171708%26end%3D2001-03-31%26
>   
>http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D171950%26end%3D2001-03-31%26
>   
>http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D172196%26end%3D2001-03-31%26
> 
> If you have users on your systems who should not have root privileges, you
> definitely need to upgrade your kernel today!
> 
> -- 
> Derek Martin
> Senior System Administrator
> Mission Critical Linux
> [EMAIL PROTECTED] 
> 
> 
> 
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to [EMAIL PROTECTED] (Subject line is ignored).
> 

         -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
           Joshua S. Freeman | preferred email: [EMAIL PROTECTED]  
                   pgp public key: finger [EMAIL PROTECTED]
                          http://www.threeofus.com
                 -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-


**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************

Reply via email to