Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Jun 2014 07:16:34 +0000
From: Sven Kieske <S.Kieske@...twald.de>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Re: CVE-2014-4014: Linux kernel user namespace
 bug

Am 17.06.2014 23:47, schrieb Andy Lutomirski:
> On Tue, Jun 10, 2014 at 2:49 PM, Andy Lutomirski <luto@...capital.net> wrote:
>> The internal function inode_capable was used inappropriately.
>> Depending on configuration, this may be usable to escalate privileges.
>> A cursory inspection of my Fedora box suggests that it is not
>> vulnerable to the obvious way to exploit this bug.
>>
>> The fix should appear in Linus' -master shortly, and it's tagged for
>> stable.  In the mean time, I've attached it here.
>>
> 
> The commit that fixes this is:
> 
> 23adbe12ef7d3d4195e80800ab36b37bee28cd03

Do you happen to know in which kernel version
this bug got introduced?

Thanks in advance!

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ