oss-sec mailing list archives

Re: CVE-2014-4699: Linux ptrace bug

From: Yves-Alexis Perez <corsac () debian org>
Date: Sat, 05 Jul 2014 22:25:50 +0200

On dim., 2014-07-06 at 00:20 +0400, Solar Designer wrote:

On Sat, Jul 05, 2014 at 09:58:15PM +0200, Yves-Alexis Perez wrote:

And the system is usable after that.


Yet both are vulnerable, with privilege escalation likely possible.


Yes, sorry if my initial answer was suggesting the kernels were not
vulnerable. It was just that we didn't managed to make them crash on the
few boxes we tried on.

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

CVE-2014-4699: Linux ptrace bug Andy Lutomirski (Jul 04)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 04)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
  - Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
    - Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
    - Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
    - Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
    - Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
    - Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
  - Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
    - Re: CVE-2014-4699: Linux ptrace bug Andy Lutomirski (Jul 08)
    - Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 08)
  - Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
    - Re: CVE-2014-4699: Linux ptrace bug Marc Deslauriers (Jul 05)
    - Re: CVE-2014-4699: Linux ptrace bug John Johansen (Jul 06)
    - Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 06)
    - Re: CVE-2014-4699: Linux ptrace bug John Johansen (Jul 06)
  - Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 08)

(Thread continues...)