Flaws in recent Linux kernels

Frank Tiemann ft at sinneswandel.de
Fri Oct 19 06:55:10 PDT 2001


> This ptrace exploit works very well on kernel equal or under 2.2.18.
> Look inside the source code : it uses passwd program by default.
> You can change it by another program with the +s flag like ping (tested)
> (#define VICTIM "/usr/bin/passwd" )

sorry, this is a new exploit, published yesterday (or so) on buqtraq. and 
yes, its tested with ping and other setuid-progs - didnt work with 
2.2.19+ow+stealth, 2.4.6, 2.4.10, 2.4.12+preempt on my systems.

> Heimdall


CoreOS 1.2.0 hat diese E-Mail auf Viren ueberprueft.
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list