Some vulnerabilities have been reported in the Linux kernel. These can be exploited by malicious, local users to gain knowledge of potentially sensitive information or cause a DoS (Denial of Service), or by malicious people to cause a DoS or bypass certain security restrictions.
1) Insufficient permission checking in the "shmctl()" function allows any process to lock/unlock arbitrary System V shared memory segments that fall within the RLIMIT_MEMLOCK limit.
This can be exploited to unlock locked memory of other processes, which may result in sensitive information being written to swap space.
2) A race condition exists in the terminal handling of the "setsid()" function used for starting new process sessions.
3) Table sizes in "nls_ascii.c" are incorrectly set to 128 instead of 256, which may be exploited to cause buffer overflows and crash the kernel.
4) A design error in the netfilter/iptables module can be exploited to crash the kernel or bypass firewall rules via specially crafted packets.
1-2) Secunia is currently not aware of an updated kernel version addressing the vulnerabilities. Grant only trusted users access to affected systems.
3) The vulnerability has been fixed in version 2.6.11-rc1.
4) The vulnerability has been fixed in version 2.6.11-rc3.