Re: [PATCH] Backport of CVE-2005-2709 fix
On Fri, Nov 18, 2005 at 03:42:19PM -0700, dann frazier wrote:
> I've backported the fix for CVE-2005-2709 to 2.4 for Debian's 2.4
> sarge kernel. Below is a patch against 2.4.32, in case one hasn't been
> submitted to you yet. Please apply.
>
> CVE-2005-2709
>
> sysctl.c in Linux kernel before 2.6.14.1 allows local users to cause a
> denial of service (kernel oops) and possibly execute code by opening an
> interface file in /proc/sys/net/ipv4/conf/, waiting until the interface
> is unregistered, then obtaining and modifying function pointers in
> memory that was used for the ctl_table.
Applied, thanks Dann.
Reply to: