fyi
This is not new. The flaw has been noted a number of times over the past few months.
Already posted over here:
http://www.freerepublic.com/focus/f-chat/1742381/posts
Balderdash... Not one demonstration of such an escalation has been shown... Certainly, Secunia has not demonstrated an escalation of privileges... nor has the "Month of Kernel Bugs" demonstrated one.
The OS merely crashes, creating a local "denial-of-service" condition, requiring a hardware restart. How is that going to allow a "malicious local user" to escalate his privileges? Unless he already knows an administrator or root name and password, he can only log back on as the same user as before with the same privileges. And if he does know those names and passwords, he merely has to switch user, and there's no need to crash the system to do that.
Certainly this is a kernel flaw... and it needs to be fixed.
But it is not the "Critical" security hole Secunia, and subsequent re-printers of their FUD such as C-Net, are frothing at the mouth about.
It isn't even a long-term Denial-of-Service situation... for this to happen a local user has to be sitting at the computer trying to open a .dmg file. He will certainly notice the kernel panic and restart the computer, restoring the service within a minute or two.
Uh, so what happened to November 1 - November 21?