
Re: remotely exploitable buffer overflow



Geoff Crompton wrote:
> SecurityFocus lists a remote buffer overflow vulnerability.
> http://www.securityfocus.com/bid/17178
>
> I can't find a CVE for it yet, so I can't see if you've got it under
> control on your subversion patch tracking page.

It's the first time I've heard of that. Solar Designer is on vendor-sec
and I assume if it were a grave issue vendors would've been notified
in advance.

> Do you think it likely that a DSA will get fast tracked for this?

The securityfocus database isn't really the greatest source for
vulnerability information, this could very well be a false alarm.
Plus, there's been some heavy rework on netfilter lately, so even if
this is genuine this could not affect 2.6.8.

If you find further information on this please keep team@security.debian.org
posted.

Cheers,
        Moritz


