Eli Kara wrote:

As for the kernel bug that triggered this discussion - I can't seem to
locate whether it still affects us or not. Do you have any proof of
concept for the bug so I can test?

Shachar



Shachar and Shlomi,

As pointed out by Noam, the vulnerability is the binfmt_elf vulnerability that was discovered recently (about 20 days ago) which affects the Linux kernel versions 2.6.9 and prior.

The article in SecuriTeam not only contains an analysis but also a proof of concept for you to experiment with in order to test your system.

The article can be found at:
http://www.securiteam.com/unixfocus/6B00F1PBPY.html

Regards,



Does this

[EMAIL PROTECTED]:~$ ./poc /usr/bin/passwd

core dumped!

mean we are not vulnerable?

         Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/



Reply via email to