[Tfug] Kernel Exploit NOT Debian-specific
Jon
bigj at tfug.org
Mon Dec 1 15:55:57 MST 2003
So I'm assuming that "userland" implies it was an inside job.
Good stuff, Maynard.
Jon
On Mon, 1 Dec 2003, Angus Scott-Fleming wrote:
> Lots of folks here running Debian ... and other distros ...
>
> Developers: Kernel Exploit Cause Of Debian Compromise
> Posted by simoniker on 14:40 Monday 01 December 2003
> from the slightly-disturbing dept.
>
> mbanck writes "The cause of the recent Debian Project
> server compromise has been published by the Debian
> security team: 'Forensics revealed a burneye encrypted
> exploit. Robert van der Meulen managed to decrypt the
> binary which revealed a kernel exploit. Study of the
> exploit by the RedHat and SuSE kernel and security teams
> quickly revealed that the exploit used an integer
> overflow in the brk system call. Using this bug it is
> possible for a userland program to trick the kernel into
> giving access to the full kernel address space'. This
> issue has been fixed in 2.4.23. Thus, the Linux kernel
> compromise was not Debian specific."
>
> http://developers.slashdot.org/article.pl?sid=03/12/01/2133249
>
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> http://www.geoapps.com/
> ---------------------------------------------------------
>
>
> _______________________________________________
> tfug mailing list
> tfug at tfug.org
> http://www.tfug.org/mailman/listinfo/tfug
>
>
More information about the tfug
mailing list