Slashdot Mirror

← Back to Stories (view on slashdot.org)

Local Root Hole in Linux Kernels

Posted by michael on Tuesday March 18, 2003 @08:09AM from the keep-those-users-down dept.

xepsilon writes "A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch."

4 of 495 comments (clear)

Min score:

Reason:

Sort:

Re:Time to patch my IIS^H^H^HKernel by skrowl · 2003-03-18 08:35 · Score: 1, Offtopic

The default configuration of URLScan prevents the WebDAV vulnerability from being exploited. URLScan is a part of the IIS Lockdown tool. For more information about URLScan, visit the following Microsoft Web site: http://www.microsoft.com/technet/security/URLScan. asp

--

Prevent linux based DDOS's!
http://linux.denialofservice.org/
Re:Here's the text of Alans post (minus the .diff) by trollox · 2003-03-18 08:37 · Score: 0, Offtopic

T R O L L
Wow! by tickleboy2 · 2003-03-18 08:51 · Score: 0, Offtopic

Wow! Is it 2003 all ready? :D

--
The only thing that will stop you from fulfilling your dreams is you. - Tom Bradley
Re:It's Tuesday by atomray · 2003-03-18 10:21 · Score: 0, Offtopic

wow, thanks for sharing

--
take your sig and shove it