Bugtraq mailing list archives
Re: [RHSA-2001:013-05] Three security holes fixed in new kernel
From: Solar Designer <solar () OPENWALL COM>
Date: Fri, 9 Feb 2001 20:40:48 +0300
On Thu, Feb 08, 2001 at 06:03:00PM -0500, bugzilla () REDHAT COM wrote:
Thanks to Solar Designer for finding the sysctl bug, and for the versions of the sysctl and ptrace patches we used.
Thanks for crediting me, but actually it's Chris Evans who found the sysctl bug that affects Linux 2.2. I only provided patches. I found a very similar sysctl "signedness" bug a few years back, fixed in Linux 2.0.34, but it's not an issue on Linux 2.2. So all credit for the discovery of this new bug is to Chris Evans. As I am posting this anyway, -- these two fixes (but _not_ the DoS one, yet) are included in 2.2.18-ow4 and 2.0.39-ow2 patches, which I've just released: http://www.openwall.com/linux/ Actually, 2.0.39 only needed the execve/ptrace race condition fix. -- /sd
Current thread:
- [RHSA-2001:013-05] Three security holes fixed in new kernel bugzilla (Feb 10)
- Re: [RHSA-2001:013-05] Three security holes fixed in new kernel Solar Designer (Feb 10)