Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] CAN-2004-1073 fixed by suse ?
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Wed, 30 Mar 2005 16:02:51 +0200
  • Message-id: <20050330140251.GA18149@xxxxxxx>
On Wed, Mar 30, 2005 at 01:56:04PM +0000, BoneMachine wrote:
> Hi,
> I've noticed a message on the Full-Disclosure mailinglist. The message states that there is no fix supplied in the vanilla kernel and that there is probably no fix in vendor supplied kernels for the CAN-2004-1074 vulnerability.
> The message to FD can be found at the following link:
> http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0820.html
>
> Can any of you guys confirm that SuSE is still vulnerable?

The issue referenced by CAN-2004-0174 is fixed.

The issue referenced by
http://archives.neohapsis.com/archives/fulldisclosure/2005-03/0820.html
has another CAN number, CAN-2004-0173.

CAN-2004-0173 is not fixed yet in SUSE kernels.

However, disclosing the content of setuid root binaries is a minor
problem. You usually can get access to these binaries by just downloading
them from our ftp server for instance.

Ciao, Marcus
< Previous Next >
References