| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <44B21F80.3020501@starzetz.de> Date: Mon, 10 Jul 2006 11:36:00 +0200 From: Paul Starzetz <paul@...rzetz.de> To: "Justin M. Forbes" <jmforbes@...th.com> Cc: lwn@....net, update-announce@...ts.rpath.com, full-disclosure@...ts.grok.org.uk, security-announce@...ts.rpath.com, bugtraq@...urityfocus.com Subject: Re: rPSA-2006-0122-1 kernel Justin M. Forbes wrote: >Description: > Previous versions of the kernel package are vulnerable to two denial > of service attacks. The first allows any local user to fill up file > systems by causing core dumps to write to directories to which they > do not have write access permissions. The second applies only to > > I really wonder why in the recent past there is a tendence to declare such things as "denial of service" etc - while they are perfect root backdoors / vulns *B000M* you are in one minut^K^K^Ke later... Maybe this is just to hide the overall bad quality of the 2.6 kernel code? *just guessing* Anyway CVE-2006-2451 is trivially exploitable so I don't attach any exploit code since it is obvious... Paul Starzetz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists