Really nasty Linux security bug
troy
fryman at sonic.net
Fri Oct 19 14:49:47 PDT 2001
A little clarification:
Quote from the original advisory:
> In order to exploit this kernel vulnerability, one needs a setuid
> root binary which execs an user-defined binary (or a shell). Newgrp is
> appropriate on most distributions.
For reference:
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221595
ptrace rides again...
-ta
On Fri, Oct 19, 2001 at 02:37:53PM -0700, troy wrote:
>
> On Fri, Oct 19, 2001 at 02:31:36PM -0700, E Frank Ball wrote:
>
> > The ptrace problem is easily fixed. Log in as root and:
> > chmod u-s /usr/bin/newgrp
>
> Uhhhm, as I understand it the exploit requires a SUID binary. newgrp is
> just a convenient helper, not the source of the problem.
>
> -t