On Mon, May 12, 2008 at 03:13:14PM -0600, dann frazier wrote: > Vulnerability : denial of service
> CVE-2008-1669 > > Alexander Viro discovered a race condition in the fcntl code that > may permit local users on multi-processor systems to execute parallel > code paths that are otherwise prohibited and gain re-ordered access > to the descriptor table. Is there any reason this has been labelled as a DoS rather than an potential arbitrary code execution issue (which http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1669 suggests it is) - eg are there mitigating circumstances in the Debian kernel? It seems odd that Debian would release a new kernel for a single DoS-only vulnerability. Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
