[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: new local kernel hole
On Mon, 14 Jun 2004, Casey Boone wrote:
> yes, i did rtfa, however it did not answer my question. the article
> specifically mentions the 2.6.5 kernel that shipped with fc2, but not the
> 2.6.6 based release i just apt-get upgraded to over the weekend.
>
> all i know for certain about the new fc2 kernel release is that it is close
> to 2.6.7-rc3, but i am not sure if this particular problem is patched
> against on this new kernel release from rh/fc. there are some sites i
> cannot get to from here at work.
Here is the list from the article:
* Linux 2.6.x
o 2.6.7-rc2
o 2.6.6 (vanilla)
o 2.6.6-rc1 SMP (varified by blaise)
o 2.6.6 SMP (verified by riven)
o 2.6.5-gentoo (verified by RatiX)
o 2.6.5-mm6 - (verified by Mariux)
o 2.6.5 (fedora core 2 vanilla)
And yes, while it does not mention your particular case I suspect it
probably is exploitable.
I found this:
http://www.redhat.com/archives/fedora-announce-list/2004-June/msg00017.html
Which identifies an exploit but I don't think it's the one that just came
out (they disabled the patch in the link above because it has an exploit).
You could always compile the exploit and find out ;)
Sean...
--
The punk rock will get you if the government don't get you first.
--Old 97's
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
KG4NRC http://www.rimboy.com Your source for the crap you know you need.
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.