Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

security@xxxxxxxxxxxx wrote:



Prior to 2.6.15, the auto-reap child processes included processes with
ptrace attached, leading to a dangling ptrace reference and allowing
local users to cause a Denial of Service (crash) (CVE-2005-3784).
This information is not fully correct - CVE-2005-3784 leads to an IMMEDIATE root compromise of vulnerable machines. But I'm not going to provide a PoC :-] 

with best regards

Paul Starzetz
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux