Confirm? New local root exploits
Alan Cox
alan at redhat.com
Fri Jan 7 22:52:02 UTC 2005
On Fri, Jan 07, 2005 at 05:43:29PM -0500, Will Backman wrote:
> Anyone tried the recently announced local root exploits against Fedora
> Core? Do the stack protections and other stuff protect the Fedora
> Kernel?
Not in this case
> I've manage a university shell server with many many student accounts.
> Scared....
Its fixed in 2.6.10-ac6 along with the following
- DoS/oops in setsid (user triggerable)
- Coda unverified user data (only if using Coda)
- XFS unverified user data (only if using XFS)
- Bridge ioctl (only if using bridge and already net_admin)
- Rose ioctl (only if using rose and already net_admin)
- SDLA firmware ioctls (only if net_admin and using sdla)
More information about the test
mailing list