Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [month] [year] [list] 
Date: Wed, 18 Feb 2004 09:56:16 -0600
From: "Steve Bremer" <steveb@...coinc.com>
To: <owl-users@...ts.openwall.com>
Subject: Re: New mremap vulnerability

Excellent.  Thanks Solar, you save me from another day or two of the
build/test/patch cycle.

Steve Bremer
NEBCO, Inc.
System & Security Administrator

>>> solar@...nwall.com 02/18/2004 9:42:19 AM >>>
On Wed, Feb 18, 2004 at 09:15:24AM -0600, Steve Bremer wrote:
> 	After reviewing the 2.4.24 -> 2.4.25 patch, it appears to me
> that those of us using either the 2.4.23-ow2 or 2.4.24-ow1 kernel
> patches are not affected by this latest mremap security bug.  Can
you
> confirm this?  In fact, it looks like the code from the Openwall
kernel
> patches in 2.4.25.

Confirmed.

I don't know why Paul chose to not mention it in his Bugtraq
announcement,
he was aware that 2.4.23-ow2+ has this fixed.

-- 
Alexander Peslyak <solar@...nwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D
3598
http://www.openwall.com - bringing security into open computing
environments

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux