[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] [Fwd: Kernel Security]



The exploit scenario described for this bug sounds unlikely, but it's
still something to be aware of I guess.

Krum


-----Forwarded Message-----

From: Michael LERCH <Michael.Lerch at ch.dhl.com>
To: ale at ale.org
To: lfs-security at linuxfromscratch.org
Subject: Kernel Security
Date: 28 Mar 2002 12:06:54 +0100

Hi,

I think this may interest some people :

There is a vulnerability in the kernel, version: up to 2.2.20 and
2.4.18

Issue:
    In case of excessively long path names d_path kernel internal
function
    returns truncated trailing components of a path name instead of
an error
    value. As this function is called by getcwd(2) system call and
    do_proc_readlink() function, false information may be returned to

    user-space processes.

For more information :
http://online.securityfocus.com/archive/1/264117

I had a quick glance, at http://www.kernel.org no patch seems to be
available.

Bye
Michael




---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.