BugTraq
[ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities Jul 05 2006 06:21PM
security mandriva com (1 replies)
Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities Jul 06 2006 11:13AM
Paul Starzetz (paul starzetz de)
security (at) mandriva (dot) com [email concealed] wrote:

>
> Prior to 2.6.15, the auto-reap child processes included processes with
> ptrace attached, leading to a dangling ptrace reference and allowing
> local users to cause a Denial of Service (crash) (CVE-2005-3784).
>
This information is not fully correct - CVE-2005-3784 leads to an
IMMEDIATE root compromise of vulnerable machines. But I'm not going to
provide a PoC :-]

with best regards

Paul Starzetz

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus