On Tue, Dec 09, 2003 at 01:57:24AM +0530, Shivaji Navale wrote:
> Dear Horms,
>
> On Sun, 7 Dec 2003, Horms wrote:
>
> > On Sat, Dec 06, 2003 at 04:20:44PM +0530, Shivaji Navale wrote:
> > >
> > >
> > > I was surprised to see the do_brk vulnerabilty wasnt exploitable on the
> > > kernel source from ultramonkey (2.4.20-18.8.um.1custom).
> > >
> > > I tried it on all real servers. Although i tried after reinstalling the
> > > kernels on real-servers, but before rebooting them.
> > > The output of the /proc/pidof executable/maps was also as mentioned.
> > > Yet to try it on director.
> > >
> > > I would also like to add that the ptrace vulnerability present for the
> > > kernel version installed on real servers, was also not exploitable in that
> > > the suid shell to be givento user programs just died out.
> > > Although the kernel version then was not the ultramonkey one. and the
> > > vulnerability got exploited on director by doing su - username (as logins
> > > were not allowed on director)
> > >
> > > How is it so.
> >
> > Hi,
> >
> > I am currently working on some new kernel packages for ultramoneky on
> > Debain which will be the Debain 2.4.22 kernel + lvs + the hidden
> > interface patch + a patch for the do_brk bug. I appologise
> > for this taking so long. Please be patient.
> >
>
> Actually what i meant was the vulnerabilities were *NOT*
> EXploitable on the similar release.
> And not that i wanted a new release ;)
Ahh, sorry I mis-read your email. Very interesting information, thanks.
--
Horms
|