Re: Linux 2.6.16.16

From: Adrian Bunk
Date: Sat May 13 2006 - 11:56:20 EST


On Sat, May 13, 2006 at 05:35:19PM +0200, Ingo Oeser wrote:
> Hi Chris,
>
> first of all: Thanks for the good work!
>
> On Thursday, 11. May 2006 19:33, Chris Wright wrote:
> > Assigning any official severity is a bit of a slippery slope, but
> > making sure it's clear what type of issue (i.e. local DoS in this case)
> > is very reasonable.
>
> Yes, I agree.
>
> I would like to know:
> - local or remote exploitable
> - if a DoS: hang, only service failure, major slowdown
> - privilege escalation possiible and how far (valid user, root, kernel-level)
> - required privileges (root or user)
>
> That would help risk management a lot :-)
>
> If you have a lot of time: Affected software components, but these can
> be taken from the patches/commit info or CVE.

The CVE should be enough for easily getting all information you
requested.

Information whether it's a DoS or a root exploit is helpful, but any
qualified person doing risk management will anyways lookup the CVE.

> Thanks & Regards
>
> Ingo Oeser

cu
Adrian

--

"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/