blob: 71d0f7894c31adc2f4f934e3324897014050f9cd (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: Sending SysRq command via ICMP echo request
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1327484
https://lwn.net/Articles/448790/
Notes:
carnil> This CVE is in effect only when the rt featureset
carnil> is enabled, and the aptch features/all/rt/ping-sysrq.patch
carnil> is active.
bwh> ... and when the feature is enabled by setting a sysctl. So far
bwh> as I can see, this is a debug feature that was not meant to be
bwh> enabled on production systems.
Bugs:
upstream: N/A "Vulnerable code not present"
3.16-upstream-stable: N/A "Vulnerable code not present"
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: N/A "Vulnerable code not present"
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: ignored "Debug feature works as intended"
|