-
June 26th, 2004, 06:16 PM
#1
2 Vulns in Linux
I didn't see those post so here we go
Linux Broadcom 5820 Cryptonet Driver Integer Overflow : http://www.securityfocus.com/archive/1/366889
Linux kernel IEEE 1394(Firewire) driver - integer overflows : http://www.securityfocus.com/archive/1/366752
-
June 27th, 2004, 12:25 AM
#2
Any Idea what Distroś Effected????
-
June 27th, 2004, 01:29 AM
#3
I think it's Red Hat 8.0 but not quite sure.
-
June 27th, 2004, 01:35 AM
#4
Originally posted here by reaper44
Any Idea what Distroś Effected????
.... That would be any distro, or box running the affected kernel versions. Which in this case appears to be any running a 2.4.x or 2.6.x series kernel without third party patches to the kernel to limit/inhibit abusive memory manipulations (e.g. grsec, LIDS, NSA SEL).
--spurious
I say again... "Computer security is fundamentally a Software Engineering problem."
Get OpenSolaris http://www.opensolaris.org/
-
June 27th, 2004, 10:18 AM
#5
Any distro would be affected, however it's mitigated by the fact that these drivers would have to be present for the kernel to be vulnerable.
Additionally, the user might need extra privileges in order to be able to exploit them. These are device driver bugs, so it seems likely that the user would need access to the raw devices to be able to exploit them.
In Linux, only a few devices are granted to all users by default - although this is distro specific obviously.
I think it's fairly unlikely that they're exploitable in the default configuration on most distros.
Slarty
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|