lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <44B21F80.3020501@starzetz.de>
Date: Mon Jul 10 12:41:18 2006
From: paul at starzetz.de (Paul Starzetz)
Subject: Re: rPSA-2006-0122-1 kernel

Justin M. Forbes wrote:

>Description:
>    Previous versions of the kernel package are vulnerable to two denial
>    of service attacks.  The first allows any local user to fill up file
>    systems by causing core dumps to write to directories to which they
>    do not have write access permissions.  The second applies only to
>  
>
I really wonder why in the recent past there is a tendence to declare 
such things as "denial of service" etc - while they are perfect root 
backdoors / vulns

*B000M* you are in one minut^K^K^Ke later...

Maybe this is just to hide the overall bad quality of the 2.6 kernel 
code? *just guessing*

Anyway CVE-2006-2451 is trivially exploitable so I don't attach any 
exploit code since it is obvious...

Paul Starzetz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ