[14204] in bugtraq
Re: Corel Linux 1.0 dosemu default configuration: Local root vuln
daemon@ATHENA.MIT.EDU (Michael Meskes)
Wed Mar 8 03:23:40 2000
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000307115315.A3668@fam-meskes.de>
Date: Tue, 7 Mar 2000 11:53:15 +0100
Reply-To: Michael Meskes <meskes@DEBIAN.ORG>
From: Michael Meskes <meskes@DEBIAN.ORG>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000303103351.G10971@willamette.edu>; from
sarnold@WILLAMETTE.EDU on Fri, Mar 03, 2000 at 10:33:51AM -0800
On Fri, Mar 03, 2000 at 10:33:51AM -0800, Seth R Arnold wrote:
> I tested this on debian's dosemu, Version: 0.98.8-2, (debian woody) and
And more important Debian potato which will be released soon also has the
0.98.8-2 version. The difference is simply that the actual Debian package is
NOT installed setuid. Thus the exploit simply does not work anymore.
Michael
--
Michael Meskes | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz | Go Rhein Fire!
Tel.: (+49) 2431/72651 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De | Use PostgreSQL!
