On Fri, Aug 12, 2005 at 09:26:49AM +0200, Moritz Muehlenhoff wrote: > Horms wrote: > > > > There is no public CVE assignment for this issue. If's it easily > > > > reproducable > > > > for non-root, it might account as a local DoS vulnerability. > > > > > > mii-tool's IOCTL is only allowed by root. > > > > > > The remote DoS comes from the fact that snmpd will call this IOCTL when it > > > gets a request for the interface statistics. > > > > > > So it's exploitable via SNMP if the exploiter has access to the SNMP tree > > > in question. (Which is not the default, if I recall correctly?) > > > > > > However, this means that cricket will bone the machine during the boot > > > process, > > > or soon after. > > > > I think thats a strong enough reason to tag it as a security fix, > > and thus include it in a kernel security update. > > Hi Horms, > this is now CAN-2005-2548. Can you please add it to the changelog?
Of course. Its in now. -- Horms -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
