
Re: [SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service



On Mon, May 12, 2008 at 05:31:32PM -0600, dann frazier wrote:
> On Mon, May 12, 2008 at 11:52:27PM +0100, Dominic Hargreaves wrote:

> > Is there any reason this has been labelled as a DoS rather than a
> > potential arbitrary code execution issue (which
> > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1669 suggests it is) - eg
> > are there mitigating circumstances in the Debian kernel?

> At the time I prepared this upload, I was under the impression that
> this was a potential arbitrary code execution issue (with no known
> exploit). However, while preparing the DSA I didn't find convincing
> evidence that this was more than a DoS. I could of course be wrong,
> and if I am I'll be happy to update the advisory.

Thanks for the response. It's possible I'm misreading the "Impact Type"
jargon in the URL above. As another datapoint I note that
http://www.securityfocus.com/bid/29076/discuss lists it as a DoS.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

