Bug#309308: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
On Fri, Aug 12, 2005 at 09:26:49AM +0200, Moritz Muehlenhoff wrote:
> Horms wrote:
> > > > There is no public CVE assignment for this issue. If's it easily reproducable
> > > > for non-root, it might account as a local DoS vulnerability.
> > >
> > > mii-tool's IOCTL is only allowed by root.
> > >
> > > The remote DoS comes from the fact that snmpd will call this IOCTL when it
> > > gets a request for the interface statistics.
> > >
> > > So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> > > in question. (Which is not the default, if I recall correctly?)
> > >
> > > However, this means that cricket will bone the machine during the boot process,
> > > or soon after.
> >
> > I think thats a strong enough reason to tag it as a security fix,
> > and thus include it in a kernel security update.
>
> Hi Horms,
> this is now CAN-2005-2548. Can you please add it to the changelog?
Of course. Its in now.
--
Horms
Reply to: