[kernel-sec-discuss] r1563 - active
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Nov 3 23:03:44 UTC 2009
On Tue, 3 Nov 2009 15:33:58 -0700, dann frazier wrote:
> On Tue, Nov 03, 2009 at 09:50:57PM +0000, Michael Gilbert wrote:
> > Author: gilbert-guest
> > Date: 2009-11-03 21:50:57 +0000 (Tue, 03 Nov 2009)
> > New Revision: 1563
> >
> > Modified:
> > active/CVE-2009-3547
> > Log:
> > info
> >
> > Modified: active/CVE-2009-3547
> > ===================================================================
> > --- active/CVE-2009-3547 2009-11-03 17:06:50 UTC (rev 1562)
> > +++ active/CVE-2009-3547 2009-11-03 21:50:57 UTC (rev 1563)
> > @@ -12,6 +12,7 @@
> > Brad Spengler *claims* to have already developed a working exploit. Since
> > his previous work has been effective, it is probably true. Hence, this
> > should be treated with high urgency.
> > + - May be not be exploitable on debian due to mmap_min_addr
> > protections?
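Review bot: the added line reads "May be not be exploitable", which has a doubled "be" and should read "May not be exploitable". It also names Debian as a whole and ends in a question mark without saying which release or which mmap_min_addr value it assumes. Since the protection depends on the configured value, suggest recording the release and value the note applies to, and whether "not exploitable" means no privilege escalation or no crash at all.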
>
> Well, yes and no. mmap_min_addr won't stop the oops, but helps avoid a
> priv escalation. mmap_min_addr defaults to 0 in lenny, but the last
> DSA recommended users increase that value, and the kernel targeted at
> 5.0.4 has increased the default.

right, i forgot that mmap_min_addr hasn't been applied to the stable
kernels yet.

> For sid/testing, this should only be a local DoS (oops).

ok, so low urgency for squeeze/sid, but high urgency for lenny. thanks
for the clarification.

mike
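
The mmap_min_addr distinction made in this thread can be checked on a host, shown here as an added example that is not part of the original messages: a shell audit that reads the runtime value and the persistent sysctl configuration. The function names, the output strings and the assumption that config files are passed in the order they are applied belong to this example only.

```shell
#!/bin/sh
# Added example (not from the thread): audit vm.mmap_min_addr.
# File paths are arguments so the check can run on constructed input.

# Print the last vm.mmap_min_addr value found in the given sysctl config
# files. Assumption: files are passed in the order they are applied, so
# the last matching line wins. Prints nothing if the key is never set.
configured_mmap_min_addr() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi
    done |
        sed -n 's/^[[:space:]]*vm[./]mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' |
        tail -n 1
}

# assess_mmap_min_addr RUNTIME_FILE [CONFIG_FILE...]
# Returns 0 if protected now and after reboot, 1 if not, 2 if unreadable.
assess_mmap_min_addr() {
    runtime_file=$1
    shift
    runtime=$(cat "$runtime_file" 2>/dev/null) || runtime=
    case $runtime in
        '' | *[!0-9]*) echo "UNKNOWN cannot read $runtime_file"; return 2 ;;
    esac
    persistent=$(configured_mmap_min_addr "$@")
    if [ "$runtime" -eq 0 ]; then
        # Low addresses are mappable: a kernel NULL dereference may be
        # turned into privilege escalation instead of only an oops.
        echo "HIGH runtime=0"
        return 1
    elif [ -n "$persistent" ] && [ "$persistent" -eq 0 ]; then
        echo "WARN runtime=$runtime config=0 (protection lost at next boot)"
        return 1
    fi
    echo "OK runtime=$runtime config=${persistent:-unset}"
}

# Run against the live system only when asked to: ./script live
if [ "${1:-}" = live ]; then
    assess_mmap_min_addr /proc/sys/vm/mmap_min_addr \
        /etc/sysctl.conf /etc/sysctl.d/*.conf
fi
```

An `OK` result with `config=unset` means the host relies on the kernel's built-in default, which the thread notes differs between lenny and sid/testing.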