CAN-2004-1073 fixed by suse ?
Hi, I've noticed a message on the Full-Disclosure mailinglist. The message states that there is no fix supplied in the vanilla kernel and that there is probably no fix in vendor supplied kernels for the CAN-2004-1074 vulnerability. The message to FD can be found at the following link: http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0820.html Can any of you guys confirm that SuSE is still vulnerable? TIA Bone Machine --- "I can hardly wait Betty" - The Pixies
On Wed, Mar 30, 2005 at 01:56:04PM +0000, BoneMachine wrote:
Hi, I've noticed a message on the Full-Disclosure mailinglist. The message states that there is no fix supplied in the vanilla kernel and that there is probably no fix in vendor supplied kernels for the CAN-2004-1074 vulnerability. The message to FD can be found at the following link: http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0820.html
Can any of you guys confirm that SuSE is still vulnerable?
The issue referenced by CAN-2004-0174 is fixed. The issue referenced by http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0820.html has another CAN number, CAN-2004-0173. CAN-2004-0173 is not fixed yet in SUSE kernels. However, disclosing the content of setuid root binaries is a minor problem. You usually can get access to these binaries by just downloading them from our ftp server for instance. Ciao, Marcus
BM, On Wednesday 30 March 2005 05:56, BoneMachine wrote:
Hi, I've noticed a message on the Full-Disclosure mailinglist. The message states that there is no fix supplied in the vanilla kernel and that there is probably no fix in vendor supplied kernels for the CAN-2004-1074 vulnerability.
Did you mean CAN-2004-1073? CAN-2004-1074 is not mentioned on the page you reference below.
The message to FD can be found at the following link:
http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0820.html
Bone Machine
Randall Sculz
participants (3)
-
BoneMachine
-
Marcus Meissner
-
Randall R Schulz