[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: local root exploit in 2.4.29



I have a kernel and afs cache manager available for people to test or otherwise use. Relevant transcripts are:

shared/kernel-1.4.0.T
shared/openafs/openafs-1.2.13-cm-1.4.0.T

patches and the new config have been checked in to cvs on equilibrium.

Albert


On Tue, 7 Jun 2005, Michael C Garrison wrote:


Our current kernel has a local root exploit that was published May 11th.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1263

The proof of concept will crash a machine:
http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt

2.4.31 fixes this, which was released on 2005-06-01. I think that this should be a high priority update that we need to do ASAP.

--
Mike Garrison