Bugtraq mailing list archives

2.2.14 Kernel exec/open bug (?)

From: cracker () CRACKER HU (The Cr0W)
Date: Fri, 5 May 2000 13:31:04 -0400


Hello,

While browsing the redhat updates pages yesterday i've found
http://www.redhat.com/support/errata/RHBA-2000018-10.html which reads:

"2. Problem description:
       The following problems have been fixed in this kernel release:
[...]
4.Exec bug fixes a problem where any user on the system could open any file or
device
           for side effects on open()"

I couldn't obtain any information on this bug on linux.com, slashdot.org,
linuxhq.com, securityfocus, etc., so if someone can tell me more about this,
drop an email to anyad () kapu hu please!

Regards,
Tamas Foldi

. . _ __ _____________________________________________________ __ _ . .
Foldi Tamas - Perl Programmer - Unix System Administrator - WWW.KAPU.HU
tamas () kapu hu / crow () linuxfreak com / (+3630) 221-7477 / PGP:0x6C244D70
 For more info about hungarian security scene, conntact Anyad SDI team

Current thread:

Possible issue with Cisco on-line help?, (continued)
- Possible issue with Cisco on-line help? Fernando Montenegro (May 02)
  - Re: Possible issue with Cisco on-line help? Fernando Montenegro (May 04)
    - Re: Possible issue with Cisco on-line help? Lisa Napier (May 09)
- 4ward:It's a blue world! deepquest () NETSCAPE NET (May 02)
- Denial of service attack against tcpdump bretonh () PARANOIA PGCI CA (May 02)
  - Re: Denial of service attack against tcpdump antirez (May 03)
  - Re: Denial of service attack against tcpdump Sebastian (May 03)
  - Re: Denial of service attack against tcpdump Dragos Ruiu (May 03)
  - Re: Denial of service attack against tcpdump Gerald Combs (May 03)
  - "ILOVEYOU" virus analysis Steve Wolfe (May 04)
  - 2.2.14 Kernel exec/open bug (?) The Cr0W (May 05)
  - Re: Denial of service attack against tcpdump Hugo.van.der.Kooij () CAIW NL (May 09)
- glibc resolver weakness antirez (May 02)
  - Re: glibc resolver weakness Bennett Todd (May 03)
  - Re: glibc resolver weakness Valdis.Kletnieks () VT EDU (May 03)
  - Re: glibc resolver weakness Andrew Brown (May 03)
  - Cayman 3220-H DSL Router DOS cassius () HUSHMAIL COM (May 05)
- Fun with UltraBoard V1.6X rudi carell (May 03)
  - Fwd: tcpdump workaround against dnsloop exploit. THE INFAMOUS (May 03)
    - Re: tcpdump workaround against dnsloop exploit. David Schwartz (May 06)
    - NetBSD Security Advisory 2000-002 Daniel Carosone (May 06)

(Thread continues...)