Yet another "denial of service":
* an off-by-two error was found in the set_selection() function of the
Linux kernel. This could allow a local, unprivileged user to cause a denial
of service when making a selection of characters in a UTF-8 console. Note:
physical console access is required to exploit this issue.
(CVE-2009-1046, Low)
Maybe these "open source" companies should be more "open" with their justification for exploitability of bugs. Labeling every exploitable bug as DoS-only is getting very tiresome and pathetic.
Posted Jul 2, 2009 9:32 UTC (Thu) by nix (subscriber, #2304)
If you've got console access, don't you often have physical access to the
machine, and thus many easier ways of getting root?
(This might be concerning for machines with serial consoles, higher-end
servers with a BMC, and virtualized systems, for which this assumption is
not true. So it's a damn good thing this bug was squashed.)