[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] local root exploit in sendfile

To: linux-security
Subject: [linux-security] local root exploit in sendfile
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 3 May 2001 18:32:01 -0700
User-Agent: Mutt/1.2.5i

Topic
=====
Bugs in sendfiled can lead to local root exploit.

Problem Description
===================
Bugs in the saft daemon `sendfiled' cause it to drop privileges
incorrectly.  Exploiting this a local user can easily make it execute
arbitrary code under root privileges.

Affected Systems
================
Debian
others? (please check, whether your distribution comes with a "sendfile"
package)

Not Affected
============
RedHat

Solution
========
Debian 2.2 (potato)
-------------------
upgrade to sendfile_2.1-20.3_i386.deb

Prev by Date: [linux-security] iptables security hole
Next by Date: [linux-security] cfingerd remote root exploit
Prev by thread: [linux-security] cfingerd remote root exploit
Next by thread: [linux-security] iptables security hole
Index(es):
- Date
- Thread