vuln needs investigation and need a new form
Jason
rohwedde at codegrinder.com
Mon Jan 12 17:29:44 UTC 2004
On Mon, Jan 12, 2004 at 09:14:28AM -0800, Jesse Keating wrote:
Content-Description: signed data
> On Monday 12 January 2004 08:53, Jason wrote:
> > Seth posted a src.rpm to the list a week or so ago for cvs to fix a
> > more serious root exploit vuln. I was in the process of verifying it
> > to submit to the bugzilla, so I can check this out as well and patch
> > it in.
>
> You know what? I wonder if this is the same vuln.... I could be just
> cracked in the head.
It's not .. one is a directory creation problem.. and one is a broken
switch_to_user routine, allowing switching to the root user.
-jason
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20040112/51a56978/attachment.sig>
More information about the fedora-legacy-list
mailing list