1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
- - --------------------------------------------------------------------- |
5 |
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-17 |
6 |
- - --------------------------------------------------------------------- |
7 |
|
8 |
PACKAGE : kernel |
9 |
SUMMARY : ptrace flaw |
10 |
DATE : 2003-03-21 08:59 UTC |
11 |
EXPLOIT : local |
12 |
VERSIONS AFFECTED : All except 2.5 |
13 |
FIXED VERSION : Kernels with patch applied |
14 |
CVE : CAN-2003-0127 |
15 |
|
16 |
- - --------------------------------------------------------------------- |
17 |
|
18 |
- From advisory: |
19 |
|
20 |
"The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole |
21 |
allows local users to obtain full privileges. Remote exploitation of |
22 |
this hole is not possible. Linux 2.5 is not believed to be vulnerable." |
23 |
|
24 |
Read the full advisory at: |
25 |
http://marc.theaimsgroup.com/?l=linux-kernel&m=104791735604202&w=2 |
26 |
|
27 |
SOLUTION |
28 |
|
29 |
It is recommended that all Gentoo Linux users upgrade their kernels. |
30 |
|
31 |
If you are running any of gentoo-sources, gs-sources, pfeifer-sources |
32 |
sparc-sources or xfs-sources updates are available. Sync your tree and |
33 |
run emerge <package> to install the latest version of the package. Then |
34 |
compile and install your new kernel and reboot. |
35 |
|
36 |
If you are using an other kernel package which hasn't been updated or |
37 |
download your own sources you can download a patch from |
38 |
http://cvs.gentoo.org/~aliz/linux-2.4.20-ptrace.patch |
39 |
and manually patch your kernel. |
40 |
|
41 |
- - --------------------------------------------------------------------- |
42 |
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz |
43 |
- - --------------------------------------------------------------------- |
44 |
-----BEGIN PGP SIGNATURE----- |
45 |
Version: GnuPG v1.2.1 (GNU/Linux) |
46 |
|
47 |
iD8DBQE+etRofT7nyhUpoZMRAtj9AKCpcSvx893bgbEGVjZ8jExLNh3oHwCgvizk |
48 |
D3X8W7ZFcZ8flX9KD3Qm0ps= |
49 |
=ZiW+ |
50 |
-----END PGP SIGNATURE----- |