Re: [ MDKSA-2006:116 ] - Updated kernel packages fixes multiple vulnerabilities

[Paul Starzetz <paul () starzetz de>]

security () mandriva com wrote:

> Prior to 2.6.15, the auto-reap child processes included processes with
> ptrace attached, leading to a dangling ptrace reference and allowing
> local users to cause a Denial of Service (crash) (CVE-2005-3784). 
This information is not fully correct - CVE-2005-3784 leads to an 
IMMEDIATE root compromise of vulnerable machines. But I'm not going to 
provide a PoC :-]

with best regards

Paul Starzetz