Re: Kernel fchown() exploit status?

From: Chris Wright
Date: Thu Jul 08 2004 - 18:26:25 EST


* Chris White (webmaster@xxxxxxxxxxxxxxxxx) wrote:
> There was a recent security announcment regarding a vulnerability with
> the fchown function.
>
> Only a few distrobutions (red hat/suse) have fixed the issue, but I've
> yet to see a general patch for it.

Patches are in both 2.4 and 2.6 bk trees. 2.4.27-rc3 has this fixed.
There hasn't been a 2.6.8-rc release since the patches went in to 2.6

For 2.4 see these patches:
http://linux.bkbits.net:8080/linux-2.4/cset@40e725f8sMbNK6BEQmRi5fWfux8l8A
http://linux.bkbits.net:8080/linux-2.4/cset@40e733598ODR85iS5HRft0zJTnDCHA

For 2.6 see these patches:
http://linux.bkbits.net:8080/linux-2.6/cset@40e62e18vom8K1fHgbJfe1oQ6mdkkQ
http://linux.bkbits.net:8080/linux-2.6/cset@40e6158bme9avS6IqahBN0wa9zx7LQ

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/