security (at) mandriva (dot) com [email concealed] wrote:
>
> Prior to 2.6.15, the auto-reap child processes included processes with
> ptrace attached, leading to a dangling ptrace reference and allowing
> local users to cause a Denial of Service (crash) (CVE-2005-3784).
>
This information is not fully correct - CVE-2005-3784 leads to an
IMMEDIATE root compromise of vulnerable machines. But I'm not going to
provide a PoC :-]
>
> Prior to 2.6.15, the auto-reap child processes included processes with
> ptrace attached, leading to a dangling ptrace reference and allowing
> local users to cause a Denial of Service (crash) (CVE-2005-3784).
>
This information is not fully correct - CVE-2005-3784 leads to an
IMMEDIATE root compromise of vulnerable machines. But I'm not going to
provide a PoC :-]
with best regards
Paul Starzetz
[ reply ]