Re: [SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service
From: Dominic Hargreaves <dom@earth.li>
Date: Mon, 12 May 2008 23:52:27 +0100
Message-id: <[🔎] 20080512225227.GJ18692@urchin.earth.li>
In-reply-to: <20080512211310.GA27874@ldl.fc.hp.com>
References: <20080512211310.GA27874@ldl.fc.hp.com>

On Mon, May 12, 2008 at 03:13:14PM -0600, dann frazier wrote:

> Vulnerability  : denial of service

> CVE-2008-1669
> 
>     Alexander Viro discovered a race condition in the fcntl code that
>     may permit local users on multi-processor systems to execute parallel
>     code paths that are otherwise prohibited and gain re-ordered access
>     to the descriptor table.

Is there any reason this has been labelled as a DoS rather than an
potential arbitrary code execution issue (which
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1669 suggests it is) - eg
are there mitigating circumstances in the Debian kernel?

It seems odd that Debian would release a new kernel for a single
DoS-only vulnerability.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service
  - From: dann frazier <dannf@dannf.org>

Prev by Date: Re: [SECURITY] [DSA 1573-1] New php5 packages fix several vulnerabilities
Next by Date: Re: [SECURITY] [DSA 1572-1] New php5 packages fix several vulnerabilities
Previous by thread: Herr Bühler Arbeite nicht mehr bei der V-ZUG AG
Next by thread: Re: [SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service
Index(es):
- Date
- Thread