On 030523 at 13:20, Martin Helas wrote:
> On Don Mai 22, 2003 at 10:1621 +0100, Simon Huggins <[EMAIL PROTECTED]> wrote:
> > On Thu, May 22, 2003 at 01:50:51PM -0600, xbud wrote:
> > > FYI, http://marc.theaimsgroup.com/?|=linux-kernel&m=105271679705571&w=2
> >
> > You say 2.4 in the subject and it says 2.5 in that report.
> >
> > Is 2.4 vulnerable too?
> Yes, but it's fixed in 2.4.21-rc3 already ;)

I'm not a developer and I don't really understand the impact of this bug.

Am I right that a local user is able to crash the system by putting evil data into these mysterious I/O ports?
Is privilege escalation possible?
Is this exploitable out of a chroot jail (ssh, postfix)?
Are there any workarounds or do I have to compile rc3?

BTW: Even if the security team won't provide a patched kernel (as with ptrace), I think it would be a very good idea to at least send out a DSA to inform the users.

Thanks in advance,
Steffen

--
Nothing in life is to be feared, it is only to be understood.
Marie Curie