?

Log in

No account? Create an account
Linux Community's Journal
 
[Most Recent Entries] [Calendar View] [Friends View]

Wednesday, March 6th, 2002

Time Event
11:58p
local security notice
There has been a recently discovered hole in linux that affects all 2.2
and 2.4 versions. It allows the attacker to kill any process. I urge
you to patch your systems as soon as possible. I've put a patch for the
hole up on the website in the download section. It was patched against a
clean 2.4.18 kernel, but patches fine against a grsecurity patched
kernel, so don't worry about the offset message it gives you.

-Brad

> Do you have any more information on this?
Yes, it's a bug in linux's binary compatability code (iBCS) which is
used in other oses as well...freebsd comes to mind. The bug is x86
specific. The problem is in arch/i386/kernel/traps.c Though I'm not
sure of it, I think the bug may be similar to the ones found in most
other UNIX oses related to the LDT (local description table), which
appeared quite some time ago (around the time of openbsd 2.8).

-Brad



The patch is available on http://www.grsecurity.net

<< Previous Day 2002/03/06
[Calendar]
Next Day >>
About LiveJournal.com