Subject: Re: [ADVISORY] 4.4BSD Securelevels (fwd)
To: Jason Thorpe <thorpej@nas.nasa.gov>
From: Angelos D. Keromytis <angelos@dsl.cis.upenn.edu>
List: tech-security
Date: 06/26/1997 00:31:45

In message <199706260423.VAA25317@lestat.nas.nasa.gov>, Jason Thorpe writes:
>Umm... maybe I'm missing something... but, if you don't have physical
>access, how is the presence of DDB going to allow a user to drop the
>security level?  (Assuming, of course, that you are referring to the
>mere presence of DDB.)

Sorry, I wasn't explicit enough; I meant that the original bug (as
reported in the advisory) does not require physical access to the
machine to exploit. There's no bug that involves the DDB and security
levels that I know of, which can be exploited remotely.

Cheers,
-Angelos