Re: [cobalt-users] Cobalt Security Notice - Linux Kernel - 06/09/00

[Goran Blagus <vectro1@xxxxxxxxxxxx>]

Hello !

<BAD ENGLISH>

I would like to know how safe is this upgrade ? I'm a remote administrator 
of two RaQ servers at dN and I'm worried about total disaster if this 
upgrade fail (kernel corupt). Do you people have any suggestion how to do 
safe upgrade ?

About this security bug. We have tested two exploits and we succeded with 
creating a user with root priveleges on both RaQ servers (RaQ2 and RaQ3). 
We were able to su to root without password, but username from which we 
have logged was admin. Some other user on server was unable to su to root 
priveleges. What I'm worried about is that if any user can write to 
/etc/passwd and /etc/shadow he can also delete or change any other file on 
server.

What we have done ? We have disable gcc compiler because this two exploits 
was written in C, and I don't think this will stop malicious user with some 
other program that use this exploit but can slow him down.

Please advise us, give us your suggestion and tell us what have you done to 
protect against this exploit? Is this RPM's safe and is this upgrade or 
mayor install ?

</BAD ENGLISH>

Goran