Hosting Provided By

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

From: Tim Wickberg <wickbt(at)rpi.edu>
Date: Thu Sep 27 2007 - 21:07:31 EDT

Apologies if this has already been posted, but:

For CVE-2007-4573 - The proof of concept code posted by Robert Swiecki on the bugtraq list [1] still works as a local root exploit for the Xen kernels on AMD64 in the updated packages:

linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch3_amd64.deb and
linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch3_amd64.deb

[1] http://seclists.org/bugtraq/2007/Sep/0363.html

--

Tim Wickberg
wickbt@rpi.edu
Senior Systems Administrator
Office of the Vice President of Research Rensselaer Polytechnic Institute

--

To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Received on Thu Sep 27 21:08:20 2007

This message: [ Message body ]
Next message: G.W. Haywood: "Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities"
Previous message: Administrator: "[MailServer Notification]Attachment Blocking Notification"
Next in thread: G.W. Haywood: "Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities"
Maybe reply: G.W. Haywood: "Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:53:05 EDT