ptrace kernel flaw -- linux module patched
elaine at fwsystems.com
Wed Mar 19 19:30:37 GMT 2003
Dem indicated on irc that he's now integrated the ptrace fix and I see
the patchset version in the DETAILS has been bumped to 1.1
> As most lunar users are probably aware, a local-root vulnerability in
> all kernels from 2.2 to 2.4.20 was announced on lkml this week.
> An exploit was posted to lkml this morning, not surprising, as it's
> not a difficult issue to exploit.
> Because non-root exploits are common, and because many apache
> scripting applications (PHP etc) allow a remote user to give untrusted
> data to a local shell the likelihood that there some systems could be
> vulnerable to remote attack is moderatly high.
> Also, there may be non-root remote exploits that attackers have
> developed and are holding in reserve for appearance of a local
> privilege escalation vulnerability.
More information about the Lunar