Re: DoS and Root Compromise Kernel Bug?

Alan Cox (alan@lxorguk.ukuu.org.uk)
Sun, 21 Oct 2001 13:42:11 +0100 (BST)


> Yesterday Rafal Wojtczuk posted to BugTraq regarding two kernel bugs:
>
> http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
>
> I'm curious to understand more about these bugs. I.E., are they real? And,
> are they fixed in 2.4.12 as claimed? How about in the -ac series?

2.4.12 / 2.4.12-ac have both fixed.
2.2.20 is still pending but will fix it

> The second bug allows for a root compromise via ptrace. The requirements are
> that /usr/bin/newgrp be suid root (as in my RedHat 7.0 server), and that newgrp
> not prompt for a password when run without arguments (again, as is the case with
> my RedHat 7.0 server). Rafal says the attack only appears to work on Linux.

So far yes. The FreeBSD folks and others were also made privy to the problem
well before he published it to bugtraq and seem to be completely in the
clear.

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/