Re: [SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service
On Mon, May 12, 2008 at 03:13:14PM -0600, dann frazier wrote:
> Vulnerability : denial of service
> CVE-2008-1669
>
> Alexander Viro discovered a race condition in the fcntl code that
> may permit local users on multi-processor systems to execute parallel
> code paths that are otherwise prohibited and gain re-ordered access
> to the descriptor table.
Is there any reason this has been labelled as a DoS rather than an
potential arbitrary code execution issue (which
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1669 suggests it is) - eg
are there mitigating circumstances in the Debian kernel?
It seems odd that Debian would release a new kernel for a single
DoS-only vulnerability.
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Reply to: