Ptrace vulnerability in kernels <2.4.21-pre6

Archaic archaic at indy.rr.com
Tue Apr 22 18:29:57 PDT 2003


This is old news to some, but anyway....

<quoting Alan Cox>

The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole
allows local users to obtain full privileges. Remote exploitation of
this hole is not possible. Linux 2.5 is not believed to be vulnerable.

</quoting>

You can download 2.4.21-pre6 or later, or 2.5.x, or patch earlier
kernels. The patch for the 2.4.20 kernel is here:

http://www.hardrock.org/kernel/2.4.20/linux-2.4.20-ptrace.patch

The thread starts here:

http://marc.theaimsgroup.com/?l=linux-kernel&m=104791735604202&w=2

NOTE: This patch is known to break some code out there. For details,
read the thread.

-- 
Archaic

-- 
Non-cooperation with evil is as much a duty as cooperation with good.

- Mohandas Gandhi
