[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: vuln needs investigation and need a new form



On Mon, Jan 12, 2004 at 09:14:28AM -0800, Jesse Keating wrote:
Content-Description: signed data
> On Monday 12 January 2004 08:53, Jason wrote:
> > Seth posted a src.rpm to the list a week or so ago for cvs to fix a
> > more serious root exploit vuln.  I was in the process of verifying it
> > to submit to the bugzilla, so I can check this out as well and patch
> > it in.
> 
> You know what?  I wonder if this is the same vuln....  I could be just 
> cracked in the head.

It's not .. one is a directory creation problem.. and one is a broken 
switch_to_user routine, allowing switching to the root user.

-jason

Attachment: pgp00028.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]