Local Root Hole in Linux Kernels

← Back to Stories (view on slashdot.org)

Local Root Hole in Linux Kernels

Posted by michael on Tuesday March 18, 2003 @08:09AM from the keep-those-users-down dept.

xepsilon writes "A local Linux security hole using ptrace has been discovered that allows a potential attacker to gain root privileges. Linux 2.2.25 has been released to correct this security hole, along with a patch for 2.4.20-pre kernels. 2.4.21 ought to contain this fix, once it is released. 2.5 is not believed to be vulnerable to this security hole. See this email from Alan Cox for details, and a patch."

19 of 495 comments (clear)

Min score:

Reason:

Sort:

woohooo anti-islam crusade in less than 24! by Anonymous Coward · 2003-03-18 08:11 · Score: -1, Offtopic

take off every `zig` for great oil!
Re:If this isn't the first post... by renehollan · 2003-03-18 08:12 · Score: -1, Offtopic

FP. Lucky you.
Or not, depending on your, er, "preferences".

--
You could've hired me.
stephen king has been found dead at age 55 by Anonymous Coward · 2003-03-18 08:13 · Score: -1, Offtopic

stepehn king has been found dead at age 55
1. Re:stephen king has been found dead at age 55 by Jouster · 2003-03-18 08:16 · Score: -1, Offtopic
  
  C'mon, try harder! At least use a link to an unrelated story on CNN.com (or better yet, a story page that doesn't exist). That way, it shows up as "Steven King dead! [cnn.com]".
  
  --J
2. Re:stephen king has been found dead at age 55 by Lxy · 2003-03-18 08:20 · Score: -1, Offtopic
  
  Man, what have these trolls come to. At least that "Alan Thicke is dead" dude takes the time to write a convincing post. This idiot can't even spell Stephen!! /. has digressed to the point where even trolls can't troll correctly.
  
  --
  
  There is no reasonable defense against an idiot with an agenda
  :wq
Mirror of email by Anonymous Coward · 2003-03-18 08:15 · Score: -1, Offtopic

The only comment I see is a first post!!! and it's already slow as hell.
Also read it here for another mirror
MTWTF by Anonymous Coward · 2003-03-18 08:31 · Score: -1, Offtopic

Monday is for IIS patches
Tuesday is for Linux patches
Wednesday is for a Theo rant
Thursday is for an IE hole
Friday is for beer
Re:Time to patch my IIS^H^H^HKernel by skrowl · 2003-03-18 08:35 · Score: 1, Offtopic

The default configuration of URLScan prevents the WebDAV vulnerability from being exploited. URLScan is a part of the IIS Lockdown tool. For more information about URLScan, visit the following Microsoft Web site: http://www.microsoft.com/technet/security/URLScan. asp

--

Prevent linux based DDOS's!
http://linux.denialofservice.org/
Re:Here's the text of Alans post (minus the .diff) by trollox · 2003-03-18 08:37 · Score: 0, Offtopic

T R O L L
Slashdot confirms... by Anonymous Coward · 2003-03-18 08:42 · Score: -1, Offtopic

Trolls are dying, which is good news for everyone.
Wow! by tickleboy2 · 2003-03-18 08:51 · Score: 0, Offtopic

Wow! Is it 2003 all ready? :D

--
The only thing that will stop you from fulfilling your dreams is you. - Tom Bradley
In Soviet Russia... by physman · 2003-03-18 08:51 · Score: -1, Offtopic

Potential atackers get root from you!

Also, why is it only three versions of the kernel (i.e. three 2.x.x's) are at fault, how come 2.3.x isn't? The wonders of kernel devlopment! And I think the link has experieced the /. effect!

--
Murphy's Law of Research: Enough research will tend to support your theory.
1. Re:In Soviet Russia... by Anonymous Coward · 2003-03-18 09:45 · Score: -1, Offtopic
  
  If you're going to do an "IN SOVIET RUSSIA" post, at least make sure you make the subject in all caps. Thanks! AC IN SOVIET RUSSIA
2. Re:In Soviet Russia... by autocracy · 2003-03-18 10:25 · Score: -1, Offtopic
  
  As opposed to getting root from potential attackers? Soviet jokes are just past lame, but shit - you could at least make it so it reads backwards!
  
  --
  SIG: HUP
This just in... by Anonymous Coward · 2003-03-18 08:52 · Score: -1, Offtopic

Stephan "M.C." Hawking found dying faster than Stpehen King!
In other news, dead penis bird is starting to smell!
USA today by Anonymous Coward · 2003-03-18 09:10 · Score: -1, Offtopic

[CNN] Man who did cut his hair by himself was sued by US court for act of terrorism after hairdresser patented every hair cut known to man.
IN SOVIET RUSSIA... by Rudy+Rodarte · 2003-03-18 09:58 · Score: -1, Offtopic

ALAN COX LOGS INTO YOU!!

--
What, me Tweet?
Re:It's Tuesday by atomray · 2003-03-18 10:21 · Score: 0, Offtopic

wow, thanks for sharing

--
take your sig and shove it
Security by Anonymous Coward · 2003-03-18 15:32 · Score: -1, Offtopic

Vishal Mishra writes "The widely used Border Gateway Protocol (BGP) for efficiently routing data through the Internet, is rife with security holes and needs to be replaced. Some 12,000 routers that act as the gateway to approximately 130,000 networks are currently using BGP. A router running BGP can communicate with its neighbors, essentially telling them to which networks the router can efficiently send data. Check out this ZDnet article that says 'A compromised router can cause chaos by advertising itself as the best path to any significant network. That's because routers using BGP implicitly trust their neighbors on the Internet--they don't ask for any sort of digital identification.'"