Jan Lühr <[EMAIL PROTECTED]> writes: > Greetings,.. > > Am Mittwoch, 14. April 2004 20:57 schrieben Sie: > > Jan Lühr <[EMAIL PROTECTED]> writes: > > > Greetings, > > > Okay... This is the result of a cursory check, do your homework, yada, > > yada... > > > > Thanks for doing so ;) Anyway, this wasn't the intetention of my > post. My point is, that five local root exploits at once are a > little bit scary, as far as there are no patch- days for debian > ;).
Actually: CAN-2004-0003 (the R128 DRI bounds checking bug) is a potential local root exploit; CAN-2004-0010 (ncpfs) might be remotely exploitable; CAN-2004-0109 (isofs) is is locally exploitable iff you have hardware access or if you can induce someone to mount a compromised medium; CAN-2004-0177 (ext3) is an information leak that cannot lead to any exploit and has only the tiniest chances of giving an attacker any usable information; CAN-2004-0178 (soundblaster) can only result in a DOS. So that's not as bad as you make it sound. Phil.
