uml-utilities version 20030903 is susceptible to a local denial of service vulnerability: the uml_net utility, when installed setuid root, allows any local user to take down the system's Ethernet connection.
From djb@cr.yp.to Wed Dec 15 14:23:20 2004
Date: 15 Dec 2004 08:32:41 -0000
From: D. J. Bernstein <djb@cr.yp.to>
To: securesoftware@list.cr.yp.to, user-mode-linux-devel@lists.sourceforge.net
Subject: [local] [kill] uml-utilities 20030903 uml_net slip_down() fails to check permissions

Danny Lungstrom, a student in my Fall 2004 UNIX Security Holes course,
has discovered that uml_net, when installed setuid root (as is normal),
allows any local user to type

   ./uml_net 4 slip down eth0

to take down the computer's Ethernet connection. The connection stays
down until the system administrator manually brings it back up. I'm
publishing this notice, but all the discovery credits should be assigned
to Lungstrom.

The underlying bug is that, in slip.c, slip_down() has no idea whether
the user is actually allowed to take down the specified interface.
---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
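
The following C example is added here for illustration and is not code from uml-utilities or from the advisory. It shows the kind of authorization decision the message says slip_down() lacks: a setuid helper comparing the caller's real uid against a record of who owns the interface before acting. The ownership table and the names may_take_down(), ifname_ok() and struct if_owner are hypothetical; the page does not show how uml_net was actually fixed.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include <unistd.h>

#define IFNAME_MAX 16  /* same size as Linux IFNAMSIZ, including the NUL */

/* Hypothetical ownership record: the real uid an interface was created for. */
struct if_owner { const char *name; uid_t uid; };

/* Constructed sample data; a real helper would record this at "up" time. */
static const struct if_owner sample_owners[] = {
    { "sl0", 1000 },   /* SLIP interface created for uid 1000 */
    { "eth0", 0 },     /* host NIC, owned by root */
};
static const size_t sample_count = sizeof sample_owners / sizeof sample_owners[0];

/* Accept only short, purely alphanumeric interface names. */
static int ifname_ok(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n >= IFNAME_MAX) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i])) return 0;
    return 1;
}

/* Return 1 only if `caller` (the real uid) is the recorded owner of `ifname`. */
int may_take_down(const char *ifname, uid_t caller,
                  const struct if_owner *tab, size_t count)
{
    if (ifname == NULL || !ifname_ok(ifname)) return 0;
    for (size_t i = 0; i < count; i++)
        if (strcmp(tab[i].name, ifname) == 0)
            return tab[i].uid == caller;
    return 0;  /* unknown interface: deny by default */
}

int main(int argc, char **argv)
{
    /* In a setuid-root binary geteuid() is 0; getuid() is the invoking user. */
    const char *ifname = argc > 1 ? argv[1] : "eth0";
    int ok = may_take_down(ifname, getuid(), sample_owners, sample_count);
    printf("%s: %s\n", ifname, ok ? "allowed" : "denied");
    return ok ? 0 : 1;
}
```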