Horms wrote:
> > > There is no public CVE assignment for this issue. If it's easily
> > > reproducible for non-root, it might account as a local DoS vulnerability.
> > 
> > mii-tool's IOCTL is only allowed by root.
> > 
> > The remote DoS comes from the fact that snmpd will call this IOCTL when it
> > gets a request for the interface statistics.
> > 
> > So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> > in question. (Which is not the default, if I recall correctly?)
> > 
> > However, this means that cricket will bone the machine during the boot
> > process, or soon after.
> 
> I think that's a strong enough reason to tag it as a security fix,
> and thus include it in a kernel security update.

Hi Horms,
this is now CAN-2005-2548. Can you please add it to the changelog?

Cheers,
        Moritz

