Linux root compromise, please upgrade your kernel
Matt Alexander
plug-discuss@lists.PLUG.phoenix.az.us
Sat, 20 Oct 2001 05:25:28 -0700 (PDT)
As a quick fix, remove the suid bit from /usr/bin/newgrp.
chmod -s /usr/bin/newgrp
On Sat, 20 Oct 2001, Jason wrote:
> Hey wait a minute, the newest 2.2 kernel on sunsite IS 2.2.19
>
> Splendid.
>
> > Matt Alexander wrote:
> > >
> > > Root compromise is possible in kernels 2.2.x (x <= 19) up through 2.4.y.
> > > (y <= 9).
> > >
> > > Here's more info:
> > >
> > > http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
> > >
> > > If you've got a system with multiple users, please upgrade your kernel.
> > > ~M
>
>