Bug#601747: RDS protocol vulnerability

To: Hideki Yamane <henrich@debian.or.jp>, 601747@bugs.debian.org
Subject: Bug#601747: RDS protocol vulnerability
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 29 Oct 2010 16:10:35 +0100
Message-id: <[🔎] 1288365035.30602.160.camel@hathi.jungle.funky-badger.org>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 601747@bugs.debian.org
In-reply-to: <[🔎] AANLkTi=i-YmQUCySZ3ThZB50xsLmw-fQDGFf-REXLsVt@mail.gmail.com>
References: <[🔎] AANLkTi=i-YmQUCySZ3ThZB50xsLmw-fQDGFf-REXLsVt@mail.gmail.com>

tag 601747 + moreinfo
thanks

On Fri, 2010-10-29 at 18:07 +0900, Hideki Yamane wrote:
> Package: linux-2.6
> Version: 2.6.32-26
>  You know, RDS protocol vulnerability was found in Linux kernel.
>  US-Cert says (http://www.kb.cert.org/vuls/id/362983)
> 
> > The RDS protocol implementation of Linux kernels 2.6.30 through
> > 2.6.38-rc8 contain a local privilege escalation vulnerability.

Are you actually experiencing this in 2.6.32-26, or just assuming it's
affected because the US-CERT page says it is?

-26 is the upload which is intended *to fix* this issue; see the
changelog and http://security-tracker.debian.org/tracker/CVE-2010-3904

Regards

Adam

Reply to:

Follow-Ups:
- Processed: Re: Bug#601747: RDS protocol vulnerability
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#601747: RDS protocol vulnerability
  - From: Hideki Yamane <henrich@debian.or.jp>

References:
- Bug#601747: RDS protocol vulnerability
  - From: Hideki Yamane <henrich@debian.or.jp>

Prev by Date: Re: item for kernel meeting -- NX emulation
Next by Date: Processed: Re: Bug#601747: RDS protocol vulnerability
Previous by thread: Bug#601747: RDS protocol vulnerability
Next by thread: Processed: Re: Bug#601747: RDS protocol vulnerability
Index(es):
- Date
- Thread