Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Jan Lühr <jluehr@gmx.net> writes:
> Greetings,..
>
> On Wednesday, 14 April 2004 20:57 you wrote:
> > Jan Lühr <jluehr@gmx.net> writes:
> > > Greetings,
>
> > Okay... This is the result of a cursory check, do your homework, yada,
> > yada...
> >
>
> Thanks for doing so ;) Anyway, this wasn't the intention of my
> post. My point is, that five local root exploits at once are a
> little bit scary, as far as there are no patch-days for Debian
> ;).
Actually:
CAN-2004-0003 (the R128 DRI bounds checking bug) is a potential
local root exploit;
CAN-2004-0010 (ncpfs) might be remotely exploitable;
CAN-2004-0109 (isofs) is locally exploitable iff you have
hardware access or if you can induce someone to mount a compromised
medium;
CAN-2004-0177 (ext3) is an information leak that cannot lead to any
exploit and has only the tiniest chances of giving an attacker any
usable information;
CAN-2004-0178 (soundblaster) can only result in a DOS.
So that's not as bad as you make it sound.
Phil.