On Wed, 8 Sep 1999, Dylan Griffiths wrote: >John N Dvorak wrote: >> Sven, >> >> I have verified the following platforms: >> >> BSDI 2.1 >> BSDI 3.1 >> BSDI 4.0 >> BSDI 4.0.1 >> Cobalt Linux (MIPS) - RedHat based >> >> All vulnerable. >> >> I am testing on other Linux platforms, but I presume all BSD and >> Linux-based systems are affected. I have no resources to test this on >> Solaris, AIX, HP and System-V based systems. > >Linux x86 does not appear affected, or at least my Slackware distribution >simply choked off the program before it did any damage when run as both >normal and super user. This might have something to do with login limits, >but super user ran it with no ill effects. Kernel 2.2.9 >Is Cobalt Linux using an older kernel? Cobalt Linux is definitely using an older kernel. As far as I know, it is a 2.0.x release for the RaQ2 product. I'll see what kind of details I can get from Cobalt. Using the exploit on a Cobalt RaQ2, most system processes lock, though the machine still responds to pings. The management panel does not respond and the machine must be cold booted. Has anyone verified whether other non BSD-OSes are vulnerable? Specifically, Linux 2.0.x (or any pre-2.2.9) releases? Regards, John Dvorak =========================================== John N Dvorak | dvorakat_private Director of Technology CapuNet, LLC - Corporate Internet Solutions (301) 881-4900 x8018 ===========================================
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:31 PDT