Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Thu, 11 Nov 2004 18:22:18 +0100
From: Andreas Ericsson <ae@....se>
To: owl-users@...ts.openwall.com
Subject: Re: iSEC advisory about binfmt_elf

Ilya Andreiv wrote:
> Hello owl-users,
> 
> This advisory comes from the following location :
> http://isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
> 
> Is 2.4.27-ow1 kernel affected?
> 

Yes, but the setuid binaries on the system are far fewer than those of 
most other distributions and none of them exec() other programs so 
impact is greatly reduced. The Linux kernel team (Linus Torvalds et al, 
not the Owl patchers) were the ones that disclosed the vulnerability, so 
2.4.28 should be out fairly soon to fix this problem.

-- 
Andreas Ericsson                   andreas.ericsson@....se
OP5 AB                             www.op5.se
Lead Developer

Powered by Openwall GNU/*/Linux - Powered by OpenVZ