Wheezy is vulnerable to CVE-2013-2094

To: debian-security@lists.debian.org
Subject: Wheezy is vulnerable to CVE-2013-2094
From: John Andreasson <andreassonjohn@gmail.com>
Date: Tue, 14 May 2013 09:36:12 -0700
Message-id: <[🔎] CAHRhq0oKnfOieZCC1BwrX1o3YEzR-D0aGCZ4mq0WQPiUzJw2XA@mail.gmail.com>

Hi.

Was just alerted of a kernel bug in RHEL [1], but when testing the sample code on Wheezy as an unprivileged user it successfully gives me a root prompt. Kind of suboptimal. :-(

Any idea when this is fixed?

[1] https://bugzilla.redhat.com/show_bug.cgi?id=962792

Reply to:

Follow-Ups:
- Re: Wheezy is vulnerable to CVE-2013-2094
  - From: Gavin <netmatters@gmail.com>
- Re: Wheezy is vulnerable to CVE-2013-2094
  - From: dann frazier <dannf@dannf.org>

Prev by Date: Re: About adding security.debian.org ipv6 to iptables, which range should we add?
Next by Date: Re: Wheezy is vulnerable to CVE-2013-2094
Previous by thread: Serwis - 9637: [ONTP SP] [SECURITY] [DSA 2664-1] stunnel4 security update
Next by thread: Re: Wheezy is vulnerable to CVE-2013-2094
Index(es):
- Date
- Thread