LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Re: rPSA-2006-0122-1 kernel

[Posted July 12, 2006 by corbet]

From:  Paul Starzetz <paul-AT-starzetz.de>
To:  "Justin M. Forbes" <jmforbes-AT-rpath.com>
Subject:  Re: rPSA-2006-0122-1 kernel
Date:  Mon, 10 Jul 2006 11:36:00 +0200
Cc:  lwn-AT-lwn.net, update-announce-AT-lists.rpath.com, full-disclosure-AT-lists.grok.org.uk, security-announce-AT-lists.rpath.com, bugtraq-AT-securityfocus.com
Archive-link:  Article, Thread 

Justin M. Forbes wrote:

>Description:
>    Previous versions of the kernel package are vulnerable to two denial
>    of service attacks.  The first allows any local user to fill up file
>    systems by causing core dumps to write to directories to which they
>    do not have write access permissions.  The second applies only to
>  
>
I really wonder why in the recent past there is a tendence to declare 
such things as "denial of service" etc - while they are perfect root 
backdoors / vulns

*B000M* you are in one minut^K^K^Ke later...

Maybe this is just to hide the overall bad quality of the 2.6 kernel 
code? *just guessing*

Anyway CVE-2006-2451 is trivially exploitable so I don't attach any 
exploit code since it is obvious...

Paul Starzetz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
(Log in to post comments)

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds