Confirm? New local root exploits
Alan Cox
alan at redhat.com
Fri Jan 7 23:37:42 UTC 2005
On Sat, Jan 08, 2005 at 12:16:00AM +0100, Szabó Ákos wrote:
> Brad Spengler send a mail to the grsecurity list, and He wrote:
>
> 3) 2.4/2.6 random poolsize sysctl handler integer overflow
> 4) 2.6 scsi ioctl integer overflow and information leak
> 5) 2.2/2.4/2.6 moxa serial driver bss overflow
> 6) 2.4/2.6 RLIMIT_MEMLOCK bypass and (2.6) unprivileged user DoS
> 7) Attachments, including patches for all vulns, a POC for #3, and a
> working exploit for #6
>
> He talk about 2.4.28, and 2.6.10. If You want, I can forward the whole
> message.
>
> The -ac6 patch fixed those problems?
-ac7 (as of about 5 mins ago)
The real 3. Given Moxa doesnt even compile in 2.6 that didn't make sense. Also
moxa had a more serious hole he missed.
It seems to be security day. -ac8 will fix another hole or two (less serious)
probably tomorrow.
More information about the fedora-test-list
mailing list