[15281] in bugtraq

Re: local root on linux 2.2.15

daemon@ATHENA.MIT.EDU (Tomasz Grabowski)
Sat Jun 10 01:53:56 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.10006082151280.25640-100000@apollo.aci.com.pl>
Date:         Thu, 8 Jun 2000 21:54:51 +0200
Reply-To: Tomasz Grabowski <cadence@APOLLO.ACI.COM.PL>
From: Tomasz Grabowski <cadence@APOLLO.ACI.COM.PL>
X-To:         Wojciech Purczynski <wp@ELZABSOFT.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0006081023450.1069-100000@alfa.elzabsoft.pl>

> > I did not discover this bug, I only extrapolated from the small info I had:
> > 'it has to do with capsuid' 'sendmail is vulnerable, crond is not'. Some
> > reading of the kernel source then suggested the above to me, which has been
> > confirmed by a more knowledgeable source.

Crontab IS vulnerable, but it will only give you egid=0 (at least on
RedHat 5.1 with a 2.2.12 kernel).
