joeyh at alioth.debian.org
2008-Nov-08 09:14 UTC
[Secure-testing-commits] r10343 - data/CVE
Author: joeyh Date: 2008-11-08 09:14:13 +0000 (Sat, 08 Nov 2008) New Revision: 10343 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-08 09:09:46 UTC (rev 10342) +++ data/CVE/list 2008-11-08 09:14:13 UTC (rev 10343) 
@@ -3500,17 +3500,17 @@ NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3) NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2) NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4) - NOTE: Comment from tytso: - NOTE: Note: some people thinks this represents a security bug, since it - NOTE: might make the system go away while it is printing a large number of - NOTE: console messages, especially if a serial console is involved. Hence, - NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker - NOTE: either has physical access to your machine to insert a USB disk with a - NOTE: corrupted filesystem image (at which point why not just hit the power - NOTE: button), or is otherwise able to convince the system administrator to - NOTE: mount an arbitrary filesystem image (at which point why not just - NOTE: include a setuid shell or world-writable hard disk device file or some - NOTE: such). Me, I think they''re just being silly. + NOTE: Comment from tytso: + NOTE: Note: some people thinks this represents a security bug, since it + NOTE: might make the system go away while it is printing a large number of + NOTE: console messages, especially if a serial console is involved. Hence, + NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker + NOTE: either has physical access to your machine to insert a USB disk with a + NOTE: corrupted filesystem image (at which point why not just hit the power + NOTE: button), or is otherwise able to convince the system administrator to + NOTE: mount an arbitrary filesystem image (at which point why not just + NOTE: include a setuid shell or world-writable hard disk device file or some + NOTE: such). Me, I think they''re just being silly. CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects ...) TODO: check CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...)
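Review bot: The 11 NOTE lines carrying the tytso comment (the block that mentions CVE-2008-3528, in the hunk at -3500,17 +3500,17) are removed and re-added with the same wording, so as shown here the change looks whitespace-only, and the log message "automatic update" does not say that. If this is indentation normalization, state it in the log so the revision is not mistaken for a content change to the entry. The last re-added line also carries over the doubled apostrophe in "they''re"; if that is not intentional, correct it to "they're" while the line is being rewritten anyway.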