Domain: isec.pl
Stories and comments across the archive that link to isec.pl.
Stories · 9
-
No ELF Vulnerability in 2.6 Kernel
gaijincory writes "Greg KH, the co-maintainer of the 2.6 kernel has posted a comment on lwn.net confirming that there is indeed no such ELF vulnerability as spelled out by Paul Starzetz on isec. The bug was originally thought to be particularly nasty, allowing a malicious user to gain elevated privileges using a carefully crafted binary which would exploit the kernel's Executable and Linking Format. The bug's author confirmed that no one has been able to repro the exploit." -
Local Root Exploit in Linux 2.4 and 2.6
Anonymous Coattails writes "Summary from the advisory: 'Locally exploitable flaws have been found in the Linux binary format loaders' uselib() functions that allow local users to gain root privileges.'" -
Security Issues in Mozilla
paulius_g writes "SecurityFocus has released a security warning with three problems that affect Mozilla on all platforms. The first issue allows the source of a download to be spoofed, generating a fake URL. This security issue is really easy to replicate: Create a long URL and the downloading box will only display its ending (Mozilla and Firefox). The second issue was created by the way that Mozilla's browsers handle news:// links to newsgroups, hackers can easily create false links and create a buffer overflow (Mozilla 1.7.5 and below, Firefox versions before 1.0). The third exploit affects machines with multiple users. The way that Firefox and Thunderbird store files allows every user to see them and to probably catch the other user's surfing habits (Firefox and Thunderbird). Let's hope that these will be fixed soon!" -
Linux 2.4.28 Kernel Released
An anonymous reader submits "After numerous exploits were released, the Linux kernel team has released 2.4.28. (ChangeLog). Stefan Esser detailed numerous exploits in the 2.x smbfs; other exploits were reported earlier in the week." -
New Linux Kernel Vulnerability
Stop Or I'll Noop writes "Paul Starzetz writes, "A critical security vulnerability has been found in the Linux kernel memory management code inside the mremap(2) system call due to missing function return value check. This bug is completely unrelated to the mremap bug disclosed on 05-01-2003 except concerning the same internal kernel function code." Full scoop here." Update: 03/07 20:53 GMT by T : This vulnerability (and fixes) were mentioned briefly in an update to this earlier posting. -
Behind the Scenes in Kernel Development
An anonymous reader writes "Some interesting changes took place in the way the Linux kernel is developed and tested. In many ways, the methods used to develop the Linux kernel are much the same today as they were 3 years ago. However, several key changes have improved overall stability as well as quality. This article takes a look behind the scenes at the tools, tests, and techniques -- from revision control and regression testing to bugtracking and list keeping -- that helped make 2.6 a better kernel than any that have come before it." We might as well mention here (again) that a couple of new kernels are out: leif.singer writes "2.6.3 and 2.4.25 are out, fixing another vulnerability in do_mremap()." -
Linux Kernel 2.6.3 Has Been Released [updated]
justinarthur writes "At 04:36 UTC, Linux kernel version 2.6.3 has been made available. As is typical, downloaders are advised to utilize a mirror upon file availability. There are many changes from version 2.6.2, including recent ALSA patches, XFS fixes, and updates in many other areas." Update: 02/18 14:15 GMT by T : Peter Willis points out that kernel 2.4.25 (changelog) was also released, and writes "Incidentally, a security advisory dated today states there is an exploit in kernels up to 2.4.24 and 2.6.2, but the two releases today don't seem to reflect any changes, so get ready to patch up as soon as a patch pops up. More details on the vulnerability here." -
Linux 2.4.24 Release Fixes Root Vulnerability
diegocgteleline.es writes "Linux Kernel 2.4.24 has been released and is available on kernel.org. It seems there's a bug in the mremap(2) system call, where a local user can get root privileges. The new version has been released only with the most important bugs fixed - the rest of the changes have been postponed (those changes include the XFS filesystem)." -
Packet Juggling - Floating Data Storage
Filthmaster writes "I just saw an interesting paper that has been posted to bugtraq, full-disclosure and vulnwatch. It deals with the principles of stealthily using network infrastructure as either short-term or long-term storage. Not sure if I'm ready to implement it, but it makes interesting food for thought." There's also a mirror up.