[SlugBug] SECURITY -- Kernel vulnerability

Ishikodzume ishikodzume at beneath.plus.com
Wed Jan 7 13:00:07 GMT 2004


> apparently lead to root being compromised, and thus a compromised
> machine. 

Just to clarify and stop people panicking - this isn't a remote exploit,
obviously. It requires you already have the ability to execute arbitrary
code on the host, via having a shell account or exploiting another vuln in
a non-privileged daemon or some such.

I wouldn't reply, but a similar (in consequences) bug was discovered
not too long ago and there was nothing on this list about it... see the
do_brk() bug discovered after the release of 2.4.22. I got the
impression maybe you thought this one was special in some way.

> Time to get patching the kernel (a rare event

Haha, as I said... 2.4.22 wasn't too long ago :)
Incidentally... the kernel developers' handling of that bug was rather
disgusting, IMHO. It was known to be exploitable, a few servers even got
compromised as a result (the Deb server I'm sure you've all heard about,
some others, also), and the changelog for the 2.4.23-pre kernel in which
it was fixed, mentioned nothing of security impact originally. There was
no announcement to security mailing lists of the bug. Instead, they just
stuck the fix in for the next kernel release, and no one even knew about
it until the deb server was compromised.
One hopes they learned their lesson with that one, but I have my
doubts...

Anyway, end of rant.

 - Daniel


-=-=-=-
PGP: http://spacecake.hypermart.net/pgp/ishikodzume.pubkey.asc