jack
Re: Critical Linux flaw found Posted on 7-Jan-2004 10:41:49 [ #1 ]
Cult Member
Joined: 19-Aug-2003 Posts: 650
From: Israel

Hi DaveyD,
Is there a pointer to a URL?
TIA, Jack
_________________
"the expression, 'atonal music,' is most unfortunate--it is on a par with calling flying 'the art of not falling,' or swimming 'the art of not drowning.'" A. Schoenberg

Toaks
Re: Critical Linux flaw found Posted on 7-Jan-2004 11:27:13 [ #2 ]
Elite Member
Joined: 10-Mar-2003 Posts: 8042
From: amigaguru.com

funny ####..., looks like nothing is "THE BEST" anymore, time to unplug that modem/network card for you all ...
:)
_________________
See my blog and collection website! https://www.blog.amigaguru.com

MikeB
Re: Critical Linux flaw found Posted on 7-Jan-2004 11:52:18 [ #3 ]
Elite Member
Joined: 3-Mar-2003 Posts: 6487
From: Europe

@ jack
I read an article about this at Devicetop as well.

Anonymous
Re: Critical Linux flaw found Posted on 7-Jan-2004 13:01:12 [ # ]

Seems there's updates for this already:

Summary: Updated kernel resolves security vulnerability

Updated kernel packages are now available that fix a security vulnerability which may allow local users to gain root privileges.

Description: The Linux kernel handles the basic functions of the operating system.

Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel versions 2.4.23 and previous which may allow a local attacker to gain root privileges. No exploit is currently available; however, it is believed that this issue is exploitable (although not trivially.) The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0985 to this issue.

All users are advised to upgrade to these errata packages, which contain a backported security patch that corrects this issue.

Red Hat would like to thank Paul Starzetz from ISEC for disclosing this issue as well as Andrea Arcangeli and Solar Designer for working on the patch.

These packages also contain a fix for a minor information leak in the real time clock (rtc) routines. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0984 to this issue.

We have provided kernel updates for Red Hat Linux 7.1-8.0 with this advisory as these were prepared by us prior to December 31 2003. Please note that Red Hat Linux 7.1, 7.2, 7.3, and 8.0 have reached their end of life for errata support and no further errata will be issued for those distributions.

Legion
Re: Critical Linux flaw found Posted on 7-Jan-2004 16:27:55 [ #5 ]
Cult Member
Joined: 21-Apr-2003 Posts: 820
From: Fargo, ND, USA

Yeah, it's already patched. Now, if you were M$, you'd just ignore it and keep working on your method for putting DRM technology into coffee makers and toaster ovens
_________________
...wait... what?

shoe
Re: Critical Linux flaw found Posted on 7-Jan-2004 18:22:12 [ #6 ]
Super Member
Joined: 14-Sep-2003 Posts: 1585
From: Gothenburg, Sweden

I just wanted to say that although this is quite OT, it's still really nice that it's posted on AW. That way this can be my one and only news source. Imagine not being forced to surf around for an hour or more to satisfy my newsfeed need
Yeh, I might even discontinue bugtraq
/shoe

jack
Re: Critical Linux flaw found Posted on 7-Jan-2004 20:47:03 [ #7 ]
Cult Member
Joined: 19-Aug-2003 Posts: 650
From: Israel

@ MikeB
10X.
AFAIU, seems to be no threat to a system with sshd/telnetd/ftpd being the only listening services.
Jack

jack
Re: Critical Linux flaw found Posted on 7-Jan-2004 20:52:18 [ #8 ]
Cult Member
Joined: 19-Aug-2003 Posts: 650
From: Israel

Did anyone find the patch? I recall there was a patch in mmap.c. I guess this is a different one (the memremap function seems to be in the same dir in kernel source tree).
TIA, Jack

Tomas
Re: Critical Linux flaw found Posted on 9-Jan-2004 3:21:29 [ #9 ]
Elite Member
Joined: 25-Jul-2003 Posts: 4286
From: Unknown

I believe that this exploit is local only, so the person gotta have at least a username on the box, if he should be able to do any harm.