Do people exaggerate in security advisories?

From: Manuel Reimer
Date: Fri Jan 04 2008 - 07:14:28 EST

Next message: David Howells: "Re: isofs oops - d_splice_alias+0x1f (2.6.24-rc5-mm1)"
Previous message: Gautham R Shenoy: "__get_cpu_var() called from a preempt-unsafe context in__rcu_preempt_unboost() ?"
Next in thread: Manuel Reimer: "Re: Do people exaggerate in security advisories?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I found this one today:

http://securitytracker.com/alerts/2007/Oct/1018782.html

In the git changelog:

http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b608390595783
7a271e80b187e

noone leaves any word about privilege escalation.

Is it really possible to get root privileges with this bug or are there people who just write "may be used to escalate privileges" near any bug which has something to do with "setuid" or "setgid"?

Thanks in advance

CU

Manuel

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Howells: "Re: isofs oops - d_splice_alias+0x1f (2.6.24-rc5-mm1)"
Previous message: Gautham R Shenoy: "__get_cpu_var() called from a preempt-unsafe context in__rcu_preempt_unboost() ?"
Next in thread: Manuel Reimer: "Re: Do people exaggerate in security advisories?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]