[21069] in bugtraq
patch for exec+ptrace security hole available (fwd)
daemon@ATHENA.MIT.EDU (Vagner Sacramento)
Sat Jun 16 16:27:49 2001
Date: Sat, 16 Jun 2001 14:44:11 -0300 (BRT)
From: Vagner Sacramento <vagner@natalnet.br>
To: <bugtraq@securityfocus.com>
Message-ID: <Pine.LNX.4.33.0106161442270.30672-100000@leao.natalnet.br>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
---------- Forwarded message ----------
Date: Sat, 16 Jun 2001 11:08:53 -0400 (EDT)
From: Aaron Campbell <aaron@monkey.org>
To: security-announce@openbsd.org
Subject: patch for exec+ptrace security hole available

A race condition exists in the kernel execve(2) implementation that opens
a small window of vulnerability for a non-privileged user to ptrace(2)
attach to a suid/sgid process.

2.8 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch

2.9 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch

The fix has also been committed to the 2.8 and 2.9 stable branches.

The bug was found by Georgi Guninski; Art Grabowski came up with a fix.
Vagner Sacramento