Bug 89036 - remote root in RH8
Summary: remote root in RH8
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: distribution   
(Show other bugs)
Version: 8.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Mark J. Cox
QA Contact: Ed Bailey
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-04-16 19:39 UTC by Justin Mason
Modified: 2007-03-27 04:03 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-04-22 10:07:00 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Justin Mason 2003-04-16 19:39:18 UTC
Folks -- I'm pretty sure I've found a remote-root hole in the default install of
Red Hat 8.0.  I'm on x86, but I think it would be present on all archs.

Before I provide the details though (and fix the component ;), is the public
bugzilla the correct forum for this?

Version-Release number of selected component (if applicable):
to be filled out...

How reproducible:
Always

Steps to Reproduce:
1. to be filled out...

Comment 1 Ed Bailey 2003-04-16 20:08:46 UTC
Thanks for taking the time to contact us.

I'm changing the component to "distribution" to more properly reflect the nature
of what you're reporting.  I'll leave it to the component owner to determine how
best to proceed in this matter...


Comment 2 Mark J. Cox 2003-04-17 07:55:03 UTC
We'd prefer that for non-public issues you contact our security response team at
security@redhat.com who'll be able to work with you on the issue.  

More contact details, GPG keys, and so on at
http://www.redhat.com/solutions/security/news/contact.html


Comment 3 Mark J. Cox 2003-04-22 10:07:00 UTC
Issue is not a remote root but a DoS, and is fixed in Red Hat Linux 9 and above.
 Being dealt with by security@redhat.com, closing bug.


Note You need to log in before you can comment on or make changes to this bug.