[20530] in bugtraq
Re: [SECURITY] [DSA 052-1] New sendfile packages fix root exploit
daemon@ATHENA.MIT.EDU (Florian Weimer)
Wed May 2 11:51:31 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <tgk840gl3i.fsf@mercury.rus.uni-stuttgart.de>
Date: Wed, 2 May 2001 11:24:01 +0200
Reply-To: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
From: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <7FhnDD.A.XyB.oDA56@murphy>
(debian-security-announce@LISTS.DEBIAN.ORG's message of "Mon, 23
Apr 2001 04:23:43 -0600")
debian-security-announce@LISTS.DEBIAN.ORG writes:
> Package : sendfile
> Vulnerability : broken privileges dropping
> Problem-Type : local root exploit
> Debian-specific: no
The author, Ulli Horlacher, released an updated version of sendfile
which corrects these problems a few months ago. It's available from:
ftp://ftp.belwue.de/pub/unix/sendfile/
--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
