[TriLUG] Kernel Exploit?
Dan Chen
crimsun at email.unc.edu
Thu Oct 17 19:21:21 EDT 2002
On Thu, Oct 17, 2002 at 04:08:33PM -0400, Sinner from the Prairy wrote:
> Has anyone seen this today?
> http://online.securityfocus.com/archive/1/295773/2002-10-14/2002-10-20/0
While I wouldn't _disregard_ the above, it does seem highly improbable
-- not impossible, however -- that through a fragmented packet being
mishandled you could smash the stack and then do all the fun things a
userspace daemon has to do to set up a remote root shell.
The thread at
http://online.securityfocus.com/archive/1/295855/2002-10-14/2002-10-20/1
outlines this pretty well imo.
If you're keeping current on patches, I don't think you have to worry
yourself over _this particular case_.
(There are a number of errors in the report, or perhaps they are typos? I
would think grievous errors, since at least one response has noted
correctly that 2.4.20pre20 doesn't exist [only -pre11 thus far].
Furthermore, most of the security auditing that would have made such an
exploit "probable" went in on the -pre2, -pre8, and -pre9 merges from
Alan Cox, who has had them in -ac for a while.)
-Dan
--
Dan Chen crimsun at email.unc.edu
GPG key: www.unc.edu/~crimsun/pubkey.gpg.asc