I think that a Denial of Service condition is a vulnerability, but lots of other people don’t. Last week Dave G. over at Matasano posted a seemingly very simple explanation that nicely sums up the way I’d always been taught to think about these sorts of issues:
The ability to halt or shut down most modern operating systems usually requires credentials (you must have an account or be on console) and privilege (you must be in the wheel or admin group). If you can bypass authentication and authorization requirements and cause a machine to panic (let alone gracefully shut down), then I think we have a security problem.
Security being the contentious field that it is, plenty of folks didn’t agree with his assessment. The discussion in comments (now up to 32) is well worth reading and brings up some great alternative viewpoints. Where do you stand on this issue?