From: Mike Tierney (miket_at_marketview.co.nz)
Date: Thu 12 May 2005 - 22:55:57 BST
> From: vserver-bounces_at_list.linux-vserver.org [mailto:vserver-
> bounces_at_list.linux-vserver.org] On Behalf Of Oliver Welter
>
> Hello Herbert,
>
> >>serious problem:
> >>I read about the new BufferOverflow in the kernel's ELF Loader - it
> >>seems that an unprivileged attacker can start process in the kernels
> >>context..
> >
> > details?
> >
> > - which issue?
> > - what kernels are affected?
> > - how does the 'exploit' look like?
>
> I reffered to the Announce on heise
> (http://www.heise.de/newsticker/meldung/59498) - I did not any
> additional research as I dont have much knowldeg about kernel but this
> one here sounds serioius as it might allow loading a compromised
> kernel-space programm by simply running an infected binary....
>
> Oliver
This has been fixed in kernel release 2.6.11.9 according to
http://secunia.com/advisories/15341
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver