Bug 89036 - remote root in RH8
Summary: remote root in RH8
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: distribution
Version: 8.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Mark J. Cox
QA Contact: Ed Bailey
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2003-04-16 19:39 UTC by Justin Mason
Modified: 2007-03-27 04:03 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-04-22 10:07:00 UTC



Description Justin Mason 2003-04-16 19:39:18 UTC
Folks -- I'm pretty sure I've found a remote-root hole in the default install of
Red Hat 8.0.  I'm on x86, but I think it would be present on all archs.

Before I provide the details though (and fix the component ;), is the public
bugzilla the correct forum for this?

Version-Release number of selected component (if applicable):
to be filled out...

How reproducible:
Always

Steps to Reproduce:
1. to be filled out...

Comment 1 Ed Bailey 2003-04-16 20:08:46 UTC
Thanks for taking the time to contact us.

I'm changing the component to "distribution" to more properly reflect the nature
of what you're reporting.  I'll leave it to the component owner to determine how
best to proceed in this matter...


Comment 2 Mark J. Cox 2003-04-17 07:55:03 UTC
We'd prefer that for non-public issues you contact our security response team at
security@redhat.com who'll be able to work with you on the issue.  

More contact details, GPG keys, and so on at
http://www.redhat.com/solutions/security/news/contact.html


Comment 3 Mark J. Cox 2003-04-22 10:07:00 UTC
Issue is not a remote root but a DoS, and is fixed in Red Hat Linux 9 and above.
Being dealt with by security@redhat.com, closing bug.

