lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 07 Jul 2006 15:21:47 -0400 From: "Justin M. Forbes" <jmforbes@...th.com> To: security-announce@...ts.rpath.com, update-announce@...ts.rpath.com Cc: lwn@....net, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: rPSA-2006-0122-1 kernel rPath Security Advisory: 2006-0122-1 Published: 2006-07-07 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Deterministic Denial of Service Updated Versions: kernel=/conary.rpath.com@rpl:devel//1/2.6.16.24-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2451 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2934 https://issues.rpath.com/browse/RPL-488 Description: Previous versions of the kernel package are vulnerable to two denial of service attacks. The first allows any local user to fill up file systems by causing core dumps to write to directories to which they do not have write access permissions. The second applies only to systems using the SCTP protocol, which is not enabled by default, and the tools required to configure it (lksctp-tools) are not included in rPath Linux. This vulnerability, which cannot apply to systems without lksctp-tools installed, enables a remote denial of service attack in which specially-crafted packets can crash the system. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists