Linux Kernel Vulnerability

0 votes
Linux Kernel Vulnerability
do_brk()[0][1]

The latest Digi CM firmware[2] did not mention any fixes to this bug.

[0] http://isec.pl/papers/linux_kernel_do_brk.pdf
[1] http://www.kb.cert.org/vuls/id/301156
[2] http://ftp.digi.com/support/firmware/digicm/93000490_H.txt
[3]
asked Feb 5, 2004 in Console Servers by barryg New to the Community (1 point)

2 Answers

0 votes
This is being evaluated to see whether it's applicable to us or not, and what possible effects it might have. If you've found a specific vulnerability, please contact Technical Support, along with the version of firmware you're currently using.
answered Feb 5, 2004 by michaelt Veteran of the Digi Community (768 points)
0 votes
From Digi support folks:

Regarding the kernel vulnerabilities:

We have fixed the do_brk() Linux Kernel Vulnerability (CAN-2003-0961) in
the current v1.4.0 release.

But there is still another Linux Kernel Vulnerability (mremap()
vulnerability: CAN-2003-0985) which is not yet fixed in the CM. This
will be fixed in our March Release.

P.S.:
As you may know, a CM user (except root user) cannot copy his own binary
file to the CM by himself. Only the root user can copy files to the CM
and can change attributes of the files in the CM. So I think this kind
of vulnerability (allowing a local attacker to gain root privileges)
is not relevant in our case.

Support Wizards
answered Feb 10, 2004 by barryg New to the Community (1 point)