Package: kernel-image-2.4.27-i386
Severity: normal

Petter Reinholdsen (pere) forwarded some issues regarding the RHEL kernels, and I've found that at least 2 of them affect kernel-image-2.4.27-i386.

> ISEC security research and Georgi Guninski independently discovered a
> flaw in the scm_send function in the auxiliary message layer. A local
> user could create a carefully crafted auxiliary message which could
> cause a denial of service (system hang). The Common Vulnerabilities
> and Exposures project (cve.mitre.org) has assigned the name
> CAN-2004-1016 to this issue.

I ran the code on a sarge installation, as root, and effectively hung the installation. This was a 386 kernel. Retried as a normal user, using a 686-smp kernel, and it hung one CPU effectively 100%. Not even possible to kill with 'kill -9 <PID>'.