Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Thu, 11 Nov 2004 20:39:43 +0300
From: Ilya Andreiv <ilya@...ter.homelinux.net>
To: Andreas Ericsson <owl-users@...ts.openwall.com>
Subject: Re: iSEC advisory about binfmt_elf

Hello Andreas,

Thursday, November 11, 2004, 8:22:18 PM, you wrote:

>> Is 2.4.27-ow1 kernel affected?
> Yes, but the setuid binaries on the system are far fewer than those of
> most other distributions and none of them exec() other programs so 
I have sudo installed in my system but now i restrict it to wheel
group.

> impact is greatly reduced. The Linux kernel team (Linus Torvalds et al, 
> not the Owl patchers) were the ones that disclosed the vulnerability, so 
> 2.4.28 should be out fairly soon to fix this problem.
But 2.4.28-rc2 contains buggy code...



-- 
Best regards,
 Ilya                            mailto:ilya@...ter.homelinux.net

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux