Here is the more exact finding our security group is concerned with:
There are 2 recently discovered Linux Kernel vulnerabilities that could
result in an attacker gaining elevated privileges on a Linux server. One
involves exploiting the kernel function do_mremap()--insufficient bounds
checking in the mremap system call; the other involves an exploit that
allows an attacker to cause data stored in the kernel memory space to leak
into user space via weaknesses in the real time clock (rtc) routines.
IN both cases the vulnerability can be removed by upgrading the Linux
kernel to version 2.2.24.
Thanks!
Eric Sammons
Marcy Cortes <[EMAIL PROTECTED]>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]>
01/14/2004 01:29 PM
Please respond to Linux on 390 Port
To: [EMAIL PROTECTED]
cc:
Subject: Re: Kernel 2.4.24 available for SLES8?
They issued kernel 2.4.21-94 yesterday. What fix are you looking for?
Marcy Cortes
Wells Fargo Services Company
-----Original Message-----
From: Eric Sammons [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 14, 2004 1:17 PM
To: [EMAIL PROTECTED]
Subject: Kernel 2.4.24 available for SLES8?
We are still working on our support contact so I am not sure I can get the
quick and dirty from SuSE yet, so I wonder does anyone in this group know
the availability status of 2.4.24 for SLES8? Also, anything to watch for
or perhaps a readme for fixes, enhancements etc. . .
Our security folks want us at this level ASAP so if it is available this
could light the fire under our purchasing group.
Thanks!
Eric Sammons
(804)697-3925
FRIT - Unix Systems
