>> However, the exploit posted this morning on vulnwatch indicates that
>> such an exploit exists against Linux.
>
> Again:
> No, the exploit posted on vulnwatch this morning works agains xBSD
> only.

If you read the comments in the .c file, you will see their claim that
they have exploited this under linux. Quoting below:

 * However, contrary to what ISS would have you believe, we have
 * successfully exploited this hole on the following operating systems:
 *
 * Sun Solaris 6-8 (sparc/x86)
 * FreeBSD 4.3-4.5 (x86)
 * OpenBSD 2.6-3.1 (x86)
 * Linux (GNU) 2.4 (x86)

So either they are bluffing or the eploit does exist. I prefer not to
assume the former. And I don't exactly consider these folks a trusted
third party.

-- 
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]