Date: Wed, 18 Jun 2014 07:16:34 +0000 From: Sven Kieske <S.Kieske@...twald.de> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: Re: CVE-2014-4014: Linux kernel user namespace bug Am 17.06.2014 23:47, schrieb Andy Lutomirski: > On Tue, Jun 10, 2014 at 2:49 PM, Andy Lutomirski <luto@...capital.net> wrote: >> The internal function inode_capable was used inappropriately. >> Depending on configuration, this may be usable to escalate privileges. >> A cursory inspection of my Fedora box suggests that it is not >> vulnerable to the obvious way to exploit this bug. >> >> The fix should appear in Linus' -master shortly, and it's tagged for >> stable. In the mean time, I've attached it here. >> > > The commit that fixes this is: > > 23adbe12ef7d3d4195e80800ab36b37bee28cd03 Do you happen to know in which kernel version this bug got introduced? Thanks in advance! -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +49-5772-293-100 F: +49-5772-293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ