Super Moderator · 37,801 Posts · Discussion Starter · #1

There are some potential vulnerabilities in the most recent xinetd
package for EnGarde Secure Linux 1.0.1.

Solar Designer did an audit of xinetd 2.3.0 and came up with a list
of potential vulnerabilities. This release fixes all known
vulnerabilities as a precautionary measure. Most of these fixes are
in the interest of robustness and are not known to be exploitable at
this time.

For more information on the results of this audit please refer to
the AUDIT file in the xinetd-2.3.3.tar.gz tarball (included with
the source package).

There are two vulnerabilities in the kernel which can allow a local
attacker to either obtain root privileges or lock the machine up for
an arbitrary amount of time.

There is another local root exploit using the kernel's ptrace.

2) The kernel can be forced to remain in path_walk() while
traversing a very deep tree of symbolic links for an arbitrary
amount of time, resulting in a local DoS attack.

Yet another ptrace race condition has been found which allows local
attackers to get access to the root account.

OpenLinux 2.3 All packages previous to

OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder linux-2.2.14-12S

OpenLinux eDesktop 2.4 All packages previous to
OpenLinux Server 3.1 All packages previous to

OpenLinux Workstation 3.1 All packages previous to

As reported on Bugtraq, there is a local root exploit in the Linux
kernel involving the ptrace call. In addition, it is possible to create
a Denial of Service attack in the kernel by creating a number of symlinks.

This release fixes several issues; two of moderate severity, and one
of slight severity. First, Peter W found that command restrictions
placed on keys did not apply to subsystems such as sftp, essentially
allowing users to bypass the command restrictions placed upon the key.
Second, the OpenSSH team found that IP source restrictions could be
bypassed when the authorized_keys file contained both RSA and DSA
keys. Last, zen-parse found that any file named 'cookies' could be
deleted remotely.

A vulnerability has been found in the ptrace code of the kernel (ptrace is
the part that allows program debuggers to run) that could be abused by
local users to gain root privileges.

Stephane Gaudreault told us that version 2.0.6a of gftp displays the
password in plain text on the screen within the log window when it is
logging into an ftp server. A malicious colleague who is watching the
screen could gain access to the user's shell on the remote machine.
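As an added example, not part of the original post or of any advisory it quotes, the script below audits an OpenSSH authorized_keys file for the two conditions named in the OpenSSH paragraph: keys that carry command= or from= restrictions (the restrictions the advisory says could be bypassed), and a file that mixes RSA and DSA keys. It parses both the protocol-2 line format (key type, base64 key, comment) and the protocol-1 RSA format (bits, exponent, modulus, comment), honouring quoted option values that contain commas. The sample file and its key material are constructed placeholders, and the report wording is this example's own.

```python
"""Audit an OpenSSH authorized_keys file for restricted keys.

Added example (not from the original post). Reports keys carrying
command= or from= options and whether the file mixes RSA and DSA keys.
The sample file below is constructed; its key material is not real.
"""
from dataclasses import dataclass, field

# Protocol-2 key type tokens and the algorithm family they denote.
KEY_TYPES = {"ssh-rsa": "RSA", "ssh-dss": "DSA"}


@dataclass
class KeyEntry:
    key_type: str
    options: dict = field(default_factory=dict)
    comment: str = ""


def cut_options(line: str) -> tuple:
    """Split off the leading options field at the first unquoted space."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i], line[i:].lstrip()
    return line, ""


def split_options(opts: str) -> dict:
    """Parse 'from="a,b",command="x y"' into a dict, respecting quotes."""
    parts, buf, in_quote = [], [], False
    for ch in opts:
        if ch == '"':
            in_quote = not in_quote
            buf.append(ch)
        elif ch == "," and not in_quote:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if buf:
        parts.append("".join(buf))
    result = {}
    for part in parts:
        name, _, value = part.partition("=")
        result[name.strip()] = value.strip('"')
    return result


def parse_line(line: str):
    """Return a KeyEntry for one authorized_keys line, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first = line.split(None, 1)[0]
    options = {}
    # An options field is present when the line starts with neither a
    # key type token (protocol 2) nor a bit count (protocol-1 RSA).
    if first not in KEY_TYPES and not first.isdigit():
        opts_str, line = cut_options(line)
        options = split_options(opts_str)
    if line.split(None, 1)[0].isdigit():
        fields = line.split(None, 3)  # bits exponent modulus [comment]
        return KeyEntry("RSA", options, fields[3] if len(fields) > 3 else "")
    fields = line.split(None, 2)  # type base64 [comment]
    key_type = KEY_TYPES.get(fields[0], "unknown")
    return KeyEntry(key_type, options, fields[2] if len(fields) > 2 else "")


def audit(text: str) -> dict:
    """Summarise restricted keys and RSA/DSA mixing for a whole file."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    findings = []
    for e in entries:
        label = e.comment or e.key_type
        if "command" in e.options:
            findings.append(f"{label}: command= restriction present")
        if "from" in e.options:
            findings.append(f"{label}: from= restriction present")
    types = {e.key_type for e in entries}
    return {
        "entries": len(entries),
        "mixed_rsa_dsa": {"RSA", "DSA"} <= types,
        "findings": findings,
    }


# Constructed sample; the base64 and modulus values are placeholders.
SAMPLE = """\
# constructed sample authorized_keys
from="10.0.0.5,10.0.0.6",command="/usr/bin/rsync --server" ssh-rsa AAAAB3NzaC1yc2EAAAAplaceholder backup@host
ssh-dss AAAAB3NzaC1kc3MAAACplaceholder admin@host
1024 35 1234567890 legacy@host
"""

if __name__ == "__main__":
    for line in audit(SAMPLE)["findings"]:
        print(line)
```

The check on mixed key types is deliberately conservative: it reports the condition whenever both families appear, leaving it to the administrator to confirm which OpenSSH version is installed and whether the fixed release is already in place.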
