On Fri, Nov 18, 2005 at 03:42:19PM -0700, dann frazier wrote:
> I've backported the fix for CVE-2005-2709 to 2.4 for Debian's 2.4
> sarge kernel. Below is a patch against 2.4.32, in case one hasn't been
> submitted to you yet. Please apply.
>
> CVE-2005-2709
>
> sysctl.c in Linux kernel before 2.6.14.1 allows local users to cause a
> denial of service (kernel oops) and possibly execute code by opening an
> interface file in /proc/sys/net/ipv4/conf/, waiting until the interface
> is unregistered, then obtaining and modifying function pointers in
> memory that was used for the ctl_table.

Applied, thanks Dann.