Subject: Are the sysctl and ptrace bugs already fixed ?

Hi everyone:

Last week there were some advisories on the Bugtraq mailing list about
three problems with respect to both kernel series 2.2.x and 2.4.x. They
were about two possible local exploits through sysctl and ptrace, and a
minor bug about machines with Pentium III processors (any local user could
potentially halt the CPU). At least RedHat and Caldera released patched
kernel packages for their distributions.

It seems that Alan Cox included a patch that fixes the sysctl()
vulnerability in 2.2.18-pre9 (I suppose it was really 2.2.19-pre9). But
with respect to the other two vulnerabilities on 2.2.x and the whole three
in kernel series 2.4.x, I haven't been able to find any information in
either Bugtraq or the Linux kernel development archives.

Am I missing something here?

PS: first message on the list. Don't be too cruel with me :)

--
José Luis Domingo López
Linux Registered User #189436 Debian GNU/Linux Potato (P166 64 MB RAM)

jdomingo AT internautas DOT org => Spam at your own risk


2001-02-14 22:05:39

by Alan

Subject: Re: Are the sysctl and ptrace bugs already fixed ?

> vulnerability in 2.2.18-pre9 (I suppose it was really 2.2.19-pre9). But
> with respect to the other two vulnerabilities on 2.2.x and the whole three
> in kernel series 2.4.x haven't been able to find any information in
> neither Bugtraq, nor in the Linux kernel development archives.

2.2.19pre9 fixes the base ptrace attack, the sysctl bug. The PIII fpu bug
doesn't apply to 2.2 unless you applied the PIII patches to it.

2.4.0 didn't have the ptrace bug. The -ac tree has both sysctl and fpu fixed.
I believe the current Linus 2.4.2pre has fpu but not sysctl fixed.