<<< Date Index >>>     <<< Thread Index >>>

Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities



security@xxxxxxxxxxxx wrote:


Prior to 2.6.15, the auto-reap child processes included processes with
ptrace attached, leading to a dangling ptrace reference and allowing
local users to cause a Denial of Service (crash) (CVE-2005-3784).
This information is not fully correct - CVE-2005-3784 leads to an IMMEDIATE root compromise of vulnerable machines. But I'm not going to provide a PoC :-]

with best regards

Paul Starzetz