ptrace kernel flaw

elaine forbes elaine at
Wed Mar 19 12:19:22 GMT 2003

As most lunar users are probably aware, a local-root vulnerability in 
all kernels from 2.2 to 2.4.20 was announced on lkml this week.

An exploit was posted to lkml this morning, not surprising, as it's
not a difficult issue to exploit.

Because non-root exploits are common, and because many apache scripting
applications (PHP etc) allow a remote user to give untrusted data to 
a local shell the likelihood that there some systems could be vulnerable
to remote attack is moderatly high.

Also, there may be non-root remote exploits that attackers have
developed and are holding in reserve for appearance of a local privilege
escalation vulnerability.

At this time, 2 of lunar's supported kernel flavors have been patched.

If your system may be vulnerable you should be able to use either
linux-stable or linux-grsec(niki's addition of gr-sec to dem's patchset
have been patched to fix this flaw.


More information about the Lunar mailing list