[rsbac] <2.4.24 hole
Amon Ott
ao at rsbac.org
Fri Feb 20 10:16:41 CET 2004
On Donnerstag, 19. Februar 2004 17:13, Bencsath Boldizsar wrote:
> If anyone has not read the news lately, a new (18.feb.2004) kernel hole is
> fixed in 2.4.25. If anyone does not want to wait for a new
> /enteryourfavoritepatchhere/ kernel version, the attached patch solves the
> problem on 2.4.24.
> http://linux.bkbits.net:8080/linux-2.4/patch@1.1323?nav=index.html|
ChangeSet at -1d|cset at 1.1323
>
> sample exploit:
> http://www.derkeiler.com/Mailing-Lists/Securiteam/2004-02/0052.html
>
> (on my grsec+rsbac patched 2.4.24 with grsecurity memory randomization
> turned on it seems that this exploit results a segfault and a kernel error
> message on the mmap.c)
Thanks for warning and patch!
More info:
http://lists.netsys.com/pipermail/full-disclosure/2004-February/017492.html
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list