Re: [SECURITY] [DSA 052-1] New sendfile packages fix root exploit

From: Florian Weimer (Florian.Weimerat_private-STUTTGART.DE)
Date: Wed May 02 2001 - 02:24:01 PDT

Next message: EnGarde Secure Linux: "[ESA-20010426-01] openssl vulnerabilities"

Previous message: Lincoln Yeoh: "Re: Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

debian-security-announceat_private writes:

> Package        : sendfile
> Vulnerability  : broken privileges dropping
> Problem-Type   : local root exploit
> Debian-specific: no

The author, Ulli Horlacher, released an updated version of sendfile
which corrects these problems a few months ago.  It's available from:

ftp://ftp.belwue.de/pub/unix/sendfile/

--
Florian Weimer 	                  Florian.Weimerat_private-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Next message: EnGarde Secure Linux: "[ESA-20010426-01] openssl vulnerabilities"
Previous message: Lincoln Yeoh: "Re: Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 02 2001 - 08:52:33 PDT