Comment 29 for bug 413656

I think that the point of #24 and probably #27 is that the suggested workround for RHEL4/5 does _not_ close all the possible ways to exploit this exploit, ie adding just:

  install pppox /bin/true
  install bluetooth /bin/true

will (for example) still allow code using PF_INET6, SOCK_STREAM, IPPROTO_SCTP to exploit the hole if ipv6 and sctp are available.

One of the links from #5 has some sample exploit code which tried a whole bunch of different options to the socket call to see if any of them work.

BTW I'm puzzled that this bz is still marked as 'new' - surely it ought to have been confirmed and the proposed patches passed to engineering by now... Maybe that the bug is only regarded as 'important' (well in #10 it is), means that we will have to wait for the next regular kernel update for this to be fixed.

 -- Jon