I didn't see those posts, so here we go
Linux Broadcom 5820 Cryptonet Driver Integer Overflow : http://www.securityfocus.com/archive/1/366889
Linux kernel IEEE 1394(Firewire) driver - integer overflows : http://www.securityfocus.com/archive/1/366752
Any idea what distros are affected?
I think it's Red Hat 8.0 but not quite sure.
.... That would be any distro, or box running the affected kernel versions. Which in this case appears to be any running a 2.4.x or 2.6.x series kernel without third party patches to the kernel to limit/inhibit abusive memory manipulations (e.g. grsec, LIDS, NSA SEL).
--spurious
I say again... "Computer security is fundamentally a Software Engineering problem." :)
Any distro would be affected, however it's mitigated by the fact that these drivers would have to be present for the kernel to be vulnerable.
Additionally, the user might need extra privileges in order to be able to exploit them. These are device driver bugs, so it seems likely that the user would need access to the raw devices to be able to exploit them.
In Linux, only a few devices are granted to all users by default - although this is distro specific obviously.
I think it's fairly unlikely that they're exploitable in the default configuration on most distros.
Slarty
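The two preconditions raised in the last reply (the driver has to be present, and an unprivileged user has to be able to open its device node) can be checked on a given machine. The script below is an added example, not part of the thread; the module names are whatever the administrator passes in, and none are taken from the advisories.

```shell
#!/bin/sh
# Added example: audit whether named driver modules are loaded and which
# device nodes are reachable by users outside the owner and group.
# Caveat: a driver compiled into the kernel does not appear in /proc/modules.

# module_loaded NAME [FILE]
# Returns 0 if NAME is the first field of a line in FILE
# (default /proc/modules), 1 if not, 2 if FILE is unreadable.
module_loaded() {
    name=$1
    file=${2:-/proc/modules}
    [ -r "$file" ] || return 2
    awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' "$file"
}

# other_accessible_devs [DIR]
# Prints character and block device nodes under DIR (default /dev)
# whose mode grants read or write to "other".
other_accessible_devs() {
    dir=${1:-/dev}
    find "$dir" \( -type c -o -type b \) \
        \( -perm -004 -o -perm -002 \) 2>/dev/null
}

# report MODULE...
# Prints the load state of each named module, then the exposed nodes.
report() {
    for m in "$@"; do
        if module_loaded "$m"; then
            echo "loaded:     $m"
        else
            echo "not loaded: $m"
        fi
    done
    echo "device nodes readable or writable by other users:"
    other_accessible_devs /dev
}

# Run the report only when module names are given on the command line.
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

A module that is not loaded and has no world-accessible device node leaves an unprivileged local user with no path to the driver's ioctl or read/write handlers.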