Linux kernel security hole

Paul Melson melson@scnc.holt.k12.mi.us
Thu, 8 Jun 2000 14:22:41 -0400


On Thu, Jun 08, 2000 at 10:41:25AM -0400, Edward Glowacki wrote:
>    A serious bug has been discovered in the Linux kernel that can be used
>    by local users to gain root access. The problem, a vulnerability in
>    the Linux kernel capability model, exists in kernel versions up to and
>    including version 2.2.15. According to Alan Cox, a key member of the
>    Linux developer community, "It will affect programs that drop setuid
>    state and rely on losing saved setuid, even those that check that the
>    setuid call succeeded."


	For what it's worth, Linux 2.2.16 was released 
	just hours before this made its way to bugtraq.
	If you have local users and haven't installed
	2.2.16 yet, you should, and soon.


PaulM

-- 
							_____________________
							melson@holt.k12.mi.us
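Added example, not part of the original post or of any code from the kernel developers: the quoted advisory says that checking the return value of the setuid call was not enough for programs that rely on losing the saved setuid, so this sketch drops privileges and then asks the kernel for the real, effective and saved IDs before continuing. The helper names (`ids_fully_dropped`, `verify_dropped`, `drop_privileges`) are hypothetical, and the code assumes a Linux/glibc system that provides `setresuid` and `getresuid`.

```c
#include <sys/types.h>
#include <unistd.h>
#include <grp.h>
#include <stdlib.h>

/* glibc declares these only under _GNU_SOURCE; repeated here so the
   example builds whatever the include order or feature macros. */
int setresuid(uid_t, uid_t, uid_t), setresgid(gid_t, gid_t, gid_t);
int getresuid(uid_t *, uid_t *, uid_t *), getresgid(gid_t *, gid_t *, gid_t *);

/* 1 only if real, effective AND saved IDs all equal the target. */
int ids_fully_dropped(uid_t r, uid_t e, uid_t s, uid_t target)
{
    return r == target && e == target && s == target;
}

/* Ask the kernel what it actually did instead of trusting return codes.
   Returns 0 when the drop is verified, -1 otherwise. */
int verify_dropped(uid_t uid, gid_t gid)
{
    uid_t r, e, s;
    gid_t rg, eg, sg;
    if (getresuid(&r, &e, &s) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return -1;
    if (!ids_fully_dropped(r, e, s, uid) || rg != gid || eg != gid || sg != gid)
        return -1;
    /* A non-root target must not be able to switch back to UID 0. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

/* Hypothetical helper: permanent drop to uid/gid, groups before UIDs. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups can only be reset while still root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setresgid(gid, gid, gid) != 0 || setresuid(uid, uid, uid) != 0)
        return -1;
    return verify_dropped(uid, gid);
}

int main(void)
{
    /* A setuid-root program would drop to its invoking user like this. */
    if (drop_privileges(getuid(), getgid()) != 0)
        abort();   /* fail closed: never continue half-privileged */
    return 0;
}
```

The verification step is defence in depth; on a kernel with a fault in privilege handling, the fix is still the kernel upgrade the post recommends.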