On Mon, Jan 12, 2004 at 09:14:28AM -0800, Jesse Keating wrote: Content-Description: signed data > On Monday 12 January 2004 08:53, Jason wrote: > > Seth posted a src.rpm to the list a week or so ago for cvs to fix a > > more serious root exploit vuln. I was in the process of verifying it > > to submit to the bugzilla, so I can check this out as well and patch > > it in. > > You know what? I wonder if this is the same vuln.... I could be just > cracked in the head. It's not .. one is a directory creation problem.. and one is a broken switch_to_user routine, allowing switching to the root user. -jason
Attachment:
pgp00169.pgp
Description: PGP signature
