|
On Sat, Dec 06, 2003 at 04:20:44PM +0530, Shivaji Navale wrote:
>
>
> I was surprised to see the do_brk vulnerabilty wasnt exploitable on the
> kernel source from ultramonkey (2.4.20-18.8.um.1custom).
>
> I tried it on all real servers. Although i tried after reinstalling the
> kernels on real-servers, but before rebooting them.
> The output of the /proc/pidof executable/maps was also as mentioned.
> Yet to try it on director.
>
> I would also like to add that the ptrace vulnerability present for the
> kernel version installed on real servers, was also not exploitable in that
> the suid shell to be givento user programs just died out.
> Although the kernel version then was not the ultramonkey one. and the
> vulnerability got exploited on director by doing su - username (as logins
> were not allowed on director)
>
> How is it so.
Hi,
I am currently working on some new kernel packages for ultramoneky on
Debain which will be the Debain 2.4.22 kernel + lvs + the hidden
interface patch + a patch for the do_brk bug. I appologise
for this taking so long. Please be patient.
--
Horms
|
