Home page logo
/

bugtraq logo Bugtraq mailing list archives

Red Hat IA64 products still missing fixes for the ptrace vs kmod vulnerability
From: Christoph Hellwig <hch () infradead org>
Date: Wed, 30 Apr 2003 12:28:57 +0100

It seems redhat still hasn't manged to make any of their IA64 products
immune against CAN-2003-0127.

For RH AS2.1 (and it's crippled corporate newspeak variations) a kernel
errata was released only for x86 but noa IA64, as in

        https://rhn.redhat.com/errata/RHSA-2003-103.html

for RH 7.x on IA64 there was an kernel updated released, 2.4.9-41 whos
only change over the previous version is the addition of a patch,
linux-2.4.9-ptrace-harden.patch that seems to fix this exploit, but
if you look at the specfile this patch isn't actually applied as part
of the build process ( note the comment in the %patch line!):

# harden ptrace
# %patch2480 -p1

I have informed Red Hat about this shortly after the package was released
and was told this has been forwarded to the responsible maintainer, but
nothing has happened yet..


  By Date           By Thread  

Current thread:
  • Red Hat IA64 products still missing fixes for the ptrace vs kmod vulnerability Christoph Hellwig (May 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault