[linux-elitists] Got root?

Rick Moen rick@linuxmafia.com
Tue Oct 3 18:45:43 PDT 2000


http://lwn.net/daily/ has:

IMPORTANT: Nasty format string vulnerability in su
Security, October 3 (Tuesday)

It turns out that the /bin/su utility has a format string vulnerability
that allows any local user to get a root shell. An exploit for this
problem has already been posted, so the cat is way out of the bag on
this one. If you have systems with untrusted users, you probably need to
simply disable su for now, until fixes come out (which shouldn't be
long). 

-- 
Cheers,                   "Teach a man to make fire, and he will be warm 
Rick Moen                 for a day.  Set a man on fire, and he will be warm
rick@linuxmafia.com       for the rest of his life."   -- John A. Hrastar




More information about the linux-elitists mailing list