[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Kernel vulnerability



On Sat, Jul 15, 2006 at 04:17:49PM -0400, Benjy Grogan wrote:
 > On 7/15/06, Dawid Gajownik <gajownik gmail com> wrote:
 > >Dnia 07/15/2006 07:03 AM, Użytkownik Dave Jones napisał:
 > >
 > >> There's another vulnerability that has been announced today, and
 > >> another -stable got pushed out this evening.
 > >
 > >You mean CVE-2006-3626? In this mail →
 > >http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047921.html
 > >they suggest mounting /proc as nosuid. Could this be done by default in
 > >FC6+ or does this break some things?
 > >
 > >BTW SELinux can stop this attack →
 > >http://www.redhat.com/archives/fedora-selinux-list/2006-July/msg00071.html
 > >:D
 > 
 > Wow.  That's great to know.  There should be a list of every security
 > vulnerability that SELinux has stopped or limited.  Maybe reported at
 > Fedoranews.org as they occur.  You rarely hear about when SELinux does
 > what it was designed for.

Additionally, this exploit only works with kernels compiled with support
for a.out style executables, which Fedora isn't.  I've got an update
building for 2.6.17.6 anyway, just to stop the inevitable "why hasn't Fedora
been patched" questions.

		Dave

-- 
http://www.codemonkey.org.uk


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]