14 Nov
2000
14 Nov
'00
14:42
On Tue, 14 Nov 2000, Roman Drahtmueller wrote:
You don't need any kind of script. But: ping6 is the only program known so far that could trigger the loading of modules with arbitrary names.
Maybe, but Bastian's original question remains unanswered: SuSE 6.3 shipped with modules-2.3.6-3. Does this version already contain the vulnerability? And if so, can we expect a fixed RPM from SuSE? With a few million lines of custom code on 500+ SuSE 6.3 boxes here, it is not too assuring that ping6 is the only package _you_ know to exploit the bug. Cheers, Knut -- Knut Woller My opinions do not necessarily DESY -IT- reflect the views of my employer. Hamburg And vice versa.