[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)

Jan Lühr <jluehr@gmx.net> writes:

> Greetings,..
> 
> Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> > Jan Lühr <jluehr@gmx.net> writes:
> > > Greetings,
> 
> > Okay... This is the result of a cursory check, do your homework, yada,
> > yada...
> >
> 
> Thanks for doing so ;) Anyway, this wasn't the intetention of my
> post.  My point is, that five local root exploits at once are a
> little bit scary, as far as there are no patch- days for debian
> ;). 

Actually:

  CAN-2004-0003 (the R128 DRI bounds checking bug) is a potential
  local root exploit;

  CAN-2004-0010 (ncpfs) might be remotely exploitable;

  CAN-2004-0109 (isofs) is is locally exploitable iff you have
  hardware access or if you can induce someone to mount a compromised
  medium;

  CAN-2004-0177 (ext3) is an information leak that cannot lead to any
  exploit and has only the tiniest chances of giving an attacker any
  usable information;

  CAN-2004-0178 (soundblaster) can only result in a DOS.

So that's not as bad as you make it sound.

Phil.
Reply to: