Security Vulnerability Detected In Linux: ptrace

Discussion in 'other security issues & news' started by FanJ, Mar 22, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    From the Kaspersky Newsletter:

    Security Vulnerability Detected In Linux OS
    A dangerous vulnerability has been found in certain versions of the
    Linux OS.

    In a Linux developer's mailing list, Alan Cox, one of the co-developers
    who worked with Linus Torvalds to construct the original Linux kernel,
    announced a flaw in certain Linux versions that makes it possible for a
    local user to gain unauthorized root (full) control. The vulnerability
    Cox warns about involves the possible exploit of a hole in the 'ptrace'
    debugging tool.

    Alan Cox's message covering the flaw can be viewed at the following address:
    http://www.spinics.net/lists/kernel/msg162986.html

    Affected Linux kernels are versions 2.2 and 2.4. It is important to note
    that the 'ptrace' hole is not exploitable remotely.

    Fixes: Linux version 2.2.25 specifically contains the fix for version
    2.2. There is also a separate patch for 2.4 or users can upgrade to
    version 2.5, which is not affected.

    For Red Hat Linux, the most widespread Linux distribution, affected
    versions are 7.1, 7.2, 7.3 and 8.0. The company has released a patch
    fixing the 'ptrace' hole. To get this patch, please go to:
    http://rhn.redhat.com/errata/RHSA-2003-098.html?tag=nl
     