Security Vulnerability Detected In Linux: ptrace


FanJ
March 22nd, 2003, 06:14 AM
From the Kaspersky Newsletter:

Security Vulnerability Detected In Linux OS
A dangerous vulnerability has been found in certain versions of the
Linux OS.

In a Linux developer's mailing list, Alan Cox, one of the co-developers
who worked with Linus Torvalds to construct the original Linux kernel,
announced a flaw in certain Linux versions that makes it possible for a
local user to gain unauthorized root (full) control. The vulnerability
Cox warns about involves the possible exploit of a hole in the 'ptrace'
debugging tool.

Alan Cox's message covering the flaw can be viewed at the following address:
http://www.spinics.net/lists/kernel/msg162986.html

Affected Linux kernels are versions 2.2 and 2.4. It is important to note
that the 'ptrace' hole is not exploitable remotely.

Fixes: Linux version 2.2.25 specifically contains the fix for version
2.2. There is also a separate patch for 2.4, or users can upgrade to
version 2.5, which is not affected.

For Red Hat Linux, the most widespread Linux distribution, affected
versions are 7.1, 7.2, 7.3 and 8.0. The company has released a patch
fixing the 'ptrace' hole. To get this patch, please go to:
http://rhn.redhat.com/errata/RHSA-2003-098.html?tag=nl