Results 1 to 5 of 5

Thread: 2 Vulns in Linux

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    2 Vulns in Linux

    I didn't see those post so here we go

    Linux Broadcom 5820 Cryptonet Driver Integer Overflow : http://www.securityfocus.com/archive/1/366889

    Linux kernel IEEE 1394(Firewire) driver - integer overflows : http://www.securityfocus.com/archive/1/366752
    -Simon \"SDK\"

  2. #2
    Any Idea what Distroś Effected????

  3. #3
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    I think it's Red Hat 8.0 but not quite sure.
    -Simon \"SDK\"

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Originally posted here by reaper44
    Any Idea what Distroś Effected????
    .... That would be any distro, or box running the affected kernel versions. Which in this case appears to be any running a 2.4.x or 2.6.x series kernel without third party patches to the kernel to limit/inhibit abusive memory manipulations (e.g. grsec, LIDS, NSA SEL).

    --spurious

    I say again... "Computer security is fundamentally a Software Engineering problem."
    Get OpenSolaris http://www.opensolaris.org/

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Any distro would be affected, however it's mitigated by the fact that these drivers would have to be present for the kernel to be vulnerable.

    Additionally, the user might need extra privileges in order to be able to exploit them. These are device driver bugs, so it seems likely that the user would need access to the raw devices to be able to exploit them.

    In Linux, only a few devices are granted to all users by default - although this is distro specific obviously.

    I think it's fairly unlikely that they're exploitable in the default configuration on most distros.

    Slarty

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •