Re: [SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation
From: Emanuele Rocca <ema@debian.org>
Date: Thu, 20 Jul 2006 15:27:18 +0200
Message-id: <[🔎] 20060720132718.GA10710@darkmoon.home>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20060716164824.GA7383@galadriel.inutil.org>
References: <20060716164824.GA7383@galadriel.inutil.org>

Hello,

* Moritz Muehlenhoff <jmm@debian.org>, [2006-07-16 18:48 +0200]:
>  --------------------------------------------------------------------------
>  Debian Security Advisory DSA 1111-1                    security@debian.org
>  http://www.debian.org/security/                               Dann Frazier
>  Jul 16th, 2006                          http://www.debian.org/security/faq
>  --------------------------------------------------------------------------
>  
>  Package        : kernel-source-2.6.8 et. al.
>  Vulnerability  : race condition
>  Problem-Type   : local
>  Debian-specific: no
>  CVE ID         : CVE-2006-3625
>  
>  It was discovered that a race condition in the process filesystem can lead
>  to privilege escalation.

As an additional information, mounting /proc nosuid renders the exploit 
innocuous.

ciao,
    ema

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: security.debian.org - local repository
Next by Date: RE: [SECURITY] [DSA 1118-1] New Mozilla packages fix several vulnerabilities
Previous by thread: Re: [SECURITY] [DSA 1111-1] New Linux kernel 2.6.8 packages fix privilege escalation
Next by thread: autoresponse
Index(es):
- Date
- Thread