There is a very serious security vulnerability in all Linux Kernel
versions up to and including Linux 2.2.18. This vulnerability can be
exploited easily and trivially by running readily available exploit code
against any SUID-root executable on the system to allow any local user the
ability to gain root privileges.
Linux 2.2.19 was released this week, and is not vulnerable. Also, all of
the 2.4 series kernels are not vulnerable. For more information about
this vulnerability, see the following links:
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D171708%26end%3D2001-03-31%26
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D171950%26end%3D2001-03-31%26
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fthreads%3D0%26list%3D1%26start%3D2001-03-25%26fromthread%3D0%26mid%3D172196%26end%3D2001-03-31%26
If you have users on your systems who should not have root privileges, you
definitely need to upgrade your kernel today!
--
Derek Martin
Senior System Administrator
Mission Critical Linux
[EMAIL PROTECTED]
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
