On Thu, Jul 13, 2006 at 01:23:10AM +0300, Ariel Biener wrote: > On Wednesday 12 July 2006 03:15, Roman Medina-Heigl Hernandez wrote: > > Ignore my previous post, it does create a setuid bash version in /tmp/sh, the > reason it doesn't work is due to SELinux contexts. This is an important note, IMO. While the original advisory states that only kernels >= 2.6.13 and <= 2.6.17.4 are vulnerable, it looks like, somehow, the same vulnerable code is present in patched Redhat kernels. The previous poster had a 2.6.9 version, and I've just verified that 2.6.9-11.ELsmp (provided with RH EL 4 update 1) is also vulnerable. If this is the case of backporting, this should come as no surprise. If it is not a backport issue, what vulnerability is being exploited on these supposedly older kernels? -jon
