Skip to comments.
Linux Security Hole
/. ^
| 03/17/03
| Alan Cox
Posted on 03/18/2003 1:16:44 PM PST by Salo
Vulnerability: CAN-2003-0127
The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows local users to obtain full privileges. Remote exploitation of this hole is not possible. Linux 2.5 is not believed to be vulnerable.
Linux 2.2.25 has been released to correct Linux 2.2. It contains no other changes. The bug fixes that would have been in 2.2.5pre1 will now appear in 2.2.26pre1. The patch will apply directly to most older 2.2 releases.
(Excerpt) Read more at marc.theaimsgroup.com ...
TOPICS: Technical
KEYWORDS: linux; security
Navigation: use the links below to view more comments.
first 1-20, 21-25 next last
Hope this isn't a repost. Looks like more patching.
1
posted on
03/18/2003 1:16:44 PM PST
by
Salo
To: rdb3
Pinging the Penguin Pinger.
2
posted on
03/18/2003 1:17:09 PM PST
by
Salo
(When we go to Iraq, there will not be enough of them left to bury the dead.)
To: Salo; Bush2000; PatrioticAmerican; HiTech RedNeck
Bump
To: Bush2000
Now you can have your fun.
4
posted on
03/18/2003 1:18:06 PM PST
by
Salo
(When we go to Iraq, there will not be enough of them left to bury the dead.)
To: Salo
A problem, but not as big a deal as the IIS hole yesterday because it isn't remotely exploitable. You have to be logged in to the system. The thread on Slashdot also offers some easy work-arounds until you can get them patched.
Also unlike the IIS patch, this one is not known to have been exploited (yet). Alan Cox apparently noticed it while working on something else.
To: Salo
Who cares. Ongoing security is a fact of life. All software needs to be patched. You'd think (based on Slashdot) that this was a MS-only phenomenon...
6
posted on
03/18/2003 1:34:52 PM PST
by
Bush2000
To: Salo
It shouldn't really be a problem if ptrace is not remotely exploitable; but if the system is accessed remotely FIRST, then a hack could be done as a local user through ptrace, no?
I'm still learning the ropes here, so I haven't got the low down on this one. Just thinking that if I were hacking, I'd hack into an open port and THEN use ptrace if it were available to make me root. But if ptrace is exploitable through local user, would it be possible for the admin to set stricter parameters through the user settings?
I guess I should patch just to be safe...
7
posted on
03/18/2003 1:52:31 PM PST
by
dandelion
To: Bush2000
As long as MicroSoft owns the lions share of the market, it will always be targeted by worms, attacks, etc., and therefore will always appear to have the most "holes" in it's security.
If or when Linux becomes the most common network OS, it will become increasingly targeted, when that happens you can be sure that new "holes" will be found in it as well.
There was a time when UNIX was the preffered target of hackers, security updates and audits were performed almost daily.
8
posted on
03/18/2003 2:05:20 PM PST
by
HEY4QDEMS
To: HEY4QDEMS
Both Windows and Linux are victims of their own success.
9
posted on
03/18/2003 2:06:11 PM PST
by
Liberal Classic
(Quemadmoeum gladis nemeinum occidit, occidentis telum est.)
To: Bush2000
Precisely.
The sheer volume of Windows as compared to Linux makes the chance that a security flaw will be found that much greater.
10
posted on
03/18/2003 2:07:31 PM PST
by
hchutch
("Last suckers crossed, Syndicate shot'em up" - Ice-T, "I'm Your Pusher")
To: HEY4QDEMS
11
posted on
03/18/2003 2:13:38 PM PST
by
Bush2000
To: Bush2000
That's exactly the point, most security weaknesses are exposed because someone was determined enough to expose them.
You don't have to tell me about Apache, we run Oracle App server (can you guess what the base app is, I'll give you a hint, it's not Soiux, or Seminole)
To: HEY4QDEMS
Oracle: Unbreakable (TM)
BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!!!!
13
posted on
03/18/2003 2:23:10 PM PST
by
Bush2000
To: HEY4QDEMS
14
posted on
03/18/2003 3:26:36 PM PST
by
Bush2000
To: Bush2000
See what I have in my firewall logs?
03/16-21:47:09.640864 [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} XXX.XXX.XXX.XX:1211 -> XX.XXX.XX.XXX:1434
I have been getting at least one of these every day for about a week now.
15
posted on
03/18/2003 4:00:46 PM PST
by
amigatec
(There are no significant bugs in our software... Maybe you're not using it properly.- Bill Gates)
To: Salo
I'm a little confused. 2.4.20 is supposed to be vulnerable to this, but I cannot reproduce it.
16
posted on
03/18/2003 4:05:34 PM PST
by
B Knotts
To: Bush2000
17
posted on
03/18/2003 4:13:10 PM PST
by
amigatec
(There are no significant bugs in our software... Maybe you're not using it properly.- Bill Gates)
To: Salo
French Air Force Security Hole
18
posted on
03/18/2003 4:17:53 PM PST
by
sonofatpatcher2
(Love & a .45-- What more could you want, campers? };^)
To: amigatec; Bush2000
What kind of access is needed to install each kit? Windows is easier to victimize since more users run routinely with admin privs than Linux users run routinely as root. Linux is a far simpler core operating system than Windows, pushing more of the complexity to unprivileged processes, so Linux simply has fewer cracks and crevices for malware to hide.
To: amigatec
Whoopie. I hope you're patched to thwart the Linux Slammer worm, troll ...
20
posted on
03/18/2003 10:05:04 PM PST
by
Bush2000
Navigation: use the links below to view more comments.
first 1-20, 21-25 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson