[ale] [Fwd: Kernel Security]
Kevin Krumwiede
krum at smyrnacable.net
Thu Mar 28 06:51:36 EST 2002
The exploit scenario described for this bug sounds unlikely, but it's
still something to be aware of I guess.
Krum
-----Forwarded Message-----
From: Michael LERCH <Michael.Lerch at ch.dhl.com>
To: ale at ale.org
To: lfs-security at linuxfromscratch.org
Subject: Kernel Security
Date: 28 Mar 2002 12:06:54 +0100
Hi,
I think this may interest some people :
There is a vulnerability in the kernel, version: up to 2.2.20 and
2.4.18
Issue:
In case of excessively long path names d_path kernel internal
function
returns truncated trailing components of a path name instead of
an error
value. As this function is called by getcwd(2) system call and
do_proc_readlink() function, false information may be returned to
user-space processes.
For more information :
http://online.securityfocus.com/archive/1/264117
I had a quick glance, at http://www.kernel.org no patch seems to be
available.
Bye
Michael
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list