sendmail.net: Serious Linux Kernel Bug Discovered
Jun 08, 2000, 06:53
[ Thanks to Mark Durham for this link. ]
"A serious bug has been discovered in the Linux kernel that can be used by local users to gain root access. The problem, a vulnerability in the Linux kernel capability model, exists in kernel versions up to and including version 2.2.15. According to Alan Cox, a key member of the Linux developer community, "It will affect programs that drop setuid state and rely on losing saved setuid, even those that check that the setuid call succeeded."
"To ensure that this vulnerability cannot be exploited by programs running on Linux, Linux users are advised to update to kernel version 2.2.16 immediately."
"Because this vulnerability can be used to attack any setuid root program that attempts to cede special permissions - including sendmail - a patched version of sendmail has been released that checks for this vulnerability in the kernel. If it is present, sendmail refuses to run, making it impossible to use sendmail to exploit the problem. The patched version, sendmail 8.10.2, also does more detailed checks on certain system calls - notably setuid(2) - to detect other possible attacks. While programs like sendmail and procmail are possible vectors of attack, sources in the Linux development community have emphasized that "this is a problem with Linux, not with sendmail."
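The point in the quoted article, that checking whether the setuid call succeeded is not enough, can be shown in C. This is an added example, not sendmail's code or anything from the original page: `drop_uid_verified` is a hypothetical helper that, after the call returns, also tries to get the old identity back and treats any success as a failed drop. Group IDs are left out to keep the focus on the saved set-user-ID.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (an illustration, not sendmail's implementation):
 * permanently switch to `uid` and confirm the switch cannot be undone.
 * Returns 0 on success, -1 if the drop failed or turned out reversible. */
int drop_uid_verified(uid_t uid)
{
    uid_t old_euid = geteuid();

    /* Step 1: the call itself must succeed. */
    if (setuid(uid) != 0)
        return -1;

    /* Step 2: real and effective IDs must both be the target now. */
    if (getuid() != uid || geteuid() != uid)
        return -1;

    /* Step 3: the saved set-user-ID is not visible through getuid() or
     * geteuid(), so probe it. If the process can still switch back to its
     * previous effective ID, the saved ID survived the drop. Skipped when
     * the caller asked for the identity it already had. */
    if (old_euid != uid &&
        (seteuid(old_euid) == 0 || setuid(old_euid) == 0))
        return -1;

    /* Step 4: an unprivileged process must never be able to become root. */
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0))
        return -1;

    return 0;
}

int main(void)
{
    /* A setuid-root program would pass the invoking user's real UID here. */
    if (drop_uid_verified(getuid()) != 0) {
        fprintf(stderr, "privilege drop could be reversed; refusing to run\n");
        return 1;
    }
    printf("running as uid %ld with no way back\n", (long)getuid());
    return 0;
}
```

On a kernel where the drop silently leaves the saved ID in place, step 1 passes and step 3 is what fails, which is the case for refusing to run.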