Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory

To: Marcel Weber <mmweber@ncpro.com>
Cc: debian-security <debian-security@lists.debian.org>
Subject: Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 5 Dec 2003 20:39:37 +0100
Message-id: <[🔎] 20031205193937.GB3833@deneb.enyo.de>
In-reply-to: <[🔎] 3FCD2BB1.8070405@ncpro.com>
References: <20031201201712.GA14687@wiggy.net> <[🔎] 20031202121610.GA21144@ildicow.saturnus.vein.hu> <[🔎] 20031202193551.GZ17340@riseup.net> <[🔎] 20031202211000.GA17326@xinara.org> <[🔎] 3FCD10F9.4030205@ncpro.com> <[🔎] 20031202224950.GC1519@mathom.us> <[🔎] 3FCD1CC2.4090009@ncpro.com> <[🔎] 3FCD2BB1.8070405@ncpro.com>

Marcel Weber wrote:

> I want to correct myself: CAN-2003-0961 dates from the 26th November 
> 2003, as far I could see on the CVE.org site. This means that unless 
> every discovered bug would be fixed, this incident could not have been 
> avoided. This is of course not realistic.

You can't infer much data from the assignment date.  The CVE process is
a bit more complicated these days.

BTW, the guys at isecl.pl believe that their exploit leaked to the
underground.  So it might have been discovered by the good guys, but
it leaked somewhere during the delayed disclosure process.

Reply to:

References:
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
  - From: Adam ENDRODI <borso@vekoll.saturnus.vein.hu>
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
  - From: Micah Anderson <micah@riseup.net>
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
  - From: "J.H.M. Dassen (Ray)" <fsmla@xinara.org>
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
  - From: Marcel Weber <mmweber@ncpro.com>
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
  - From: Michael Stone <mstone@debian.org>
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
  - From: Marcel Weber <mmweber@ncpro.com>
- Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
  - From: Marcel Weber <mmweber@ncpro.com>

Prev by Date: Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
Next by Date: Grsecurity and ssh
Previous by thread: Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
Next by thread: Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory
Index(es):
- Date
- Thread