Again: No, the exploit posted on vulnwatch this morning works against xBSD only.
If you read the comments in the .c file, you will see their claim that they have exploited this under linux. Quoting below:
 * However, contrary to what ISS would have you believe, we have
 * successfully exploited this hole on the following operating systems:
 *
 * Sun Solaris 6-8 (sparc/x86)
 * FreeBSD 4.3-4.5 (x86)
 * OpenBSD 2.6-3.1 (x86)
 * Linux (GNU) 2.4 (x86)
So either they are bluffing or the exploit does exist. I prefer not to assume the former. And I don't exactly consider these folks a trusted third party.
Unless I see the exploit working, I don't believe it.
This, however, does not have any influence on the severity of the bug: a
_possible_ code execution vulnerability is just as bad as an evident code
execution vulnerability.
Roman.
--
- -
| Roman Drahtmüller