Hi I have not been able to confirm this statement as I do not have access to the bugzilla entries but Redhat advisory claims that in order to exploit this you actually need to create crafted NDB DBM files which is very likely to be a problem in practice. Typically you need write access for the user running the service and then there are easier ways to cause problems than this. This means that this is really a minor security problem if any. It would however be good if someone could confirm the statement from Redhat.
I have marked the issue as no-dsa for wheezy but if someone have information that proove redhat to be wrong then we should change that statement. Best regards // Ola -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
