Bug 89036 - remote root in RH8
remote root in RH8
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: distribution (Show other bugs)
8.0
All Linux
high Severity medium
: ---
: ---
Assigned To: Mark J. Cox (Product Security)
Ed Bailey
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-04-16 15:39 EDT by Justin Mason
Modified: 2007-03-27 00:03 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-04-22 06:07:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Justin Mason 2003-04-16 15:39:18 EDT
Folks -- I'm pretty sure I've found a remote-root hole in the default install of
Red Hat 8.0.  I'm on x86, but I think it would be present on all archs.

Before I provide the details though (and fix the component ;), is the public
bugzilla the correct forum for this?

Version-Release number of selected component (if applicable):
to be filled out...

How reproducible:
Always

Steps to Reproduce:
1. to be filled out...
Comment 1 Ed Bailey 2003-04-16 16:08:46 EDT
Thanks for taking the time to contact us.

I'm changing the component to "distribution" to more properly reflect the nature
of what you're reporting.  I'll leave it to the component owner to determine how
best to proceed in this matter...
Comment 2 Mark J. Cox (Product Security) 2003-04-17 03:55:03 EDT
We'd prefer that for non-public issues you contact our security response team at
security@redhat.com who'll be able to work with you on the issue.  

More contact details, GPG keys, and so on at
http://www.redhat.com/solutions/security/news/contact.html
Comment 3 Mark J. Cox (Product Security) 2003-04-22 06:07:00 EDT
Issue is not a remote root but a DoS, and is fixed in Red Hat Linux 9 and above.
 Being dealt with by security@redhat.com, closing bug.

Note You need to log in before you can comment on or make changes to this bug.