[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040804154746.GA24921@openwall.com>
Date: Wed, 4 Aug 2004 19:47:46 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com, owl-users@...ts.openwall.com
Subject: Linux 2.4.26-ow3
Hi,
Linux 2.4.26-ow3 is out and available for download from the usual
location:
http://www.openwall.com/linux/
This corrects the access control check in the Linux kernel which
previously wrongly allowed any local user to change the group
ownership of arbitrary NFS-exported/imported files (CAN-2004-0497)
and adds a workaround for the file offset pointer races discovered by
Paul Starzetz (CAN-2004-0415).
The former is only exploitable when files are NFS-exported from a
server running a vulnerable version of Linux 2.4.x, and the currently
publicly known exploit for the latter relies on code enabled with
CONFIG_MTRR kernel build option which has not been enabled in the
default kernels on Owl CDs.
However, as the potential impact of both issues is a local root
compromise, an upgrade of older Linux 2.4.x installs to 2.4.26-ow3+ is
highly recommended.
--
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
