Results 1 to 3 of 3

Thread: Linux Kernel Multiple Vulnerabilities

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Linux Kernel Multiple Vulnerabilities

    Description:
    Some vulnerabilities have been reported in the Linux kernel. These can be exploited by malicious, local users to gain knowledge of potentially sensitive information or cause a DoS (Denial of Service), or by malicious people to cause a DoS or bypass certain security restrictions.

    1) Insufficient permission checking in the "shmctl()" function allows any process to lock/unlock arbitrary System V shared memory segments that fall within the RLIMIT_MEMLOCK limit.

    This can be exploited to unlock locked memory of other processes, which may result in sensitive information being written to swap space.

    2) A race condition exists in the terminal handling of the "setsid()" function used for starting new process sessions.

    3) Table sizes in "nls_ascii.c" are incorrectly set to 128 instead of 256, which may be exploited to cause buffer overflows and crash the kernel.

    4) A design error in the netfilter/iptables module can be exploited to crash the kernel or bypass firewall rules via specially crafted packets.

    Solution:
    1-2) Secunia is currently not aware of an updated kernel version addressing the vulnerabilities. Grant only trusted users access to affected systems.
    3) The vulnerability has been fixed in version 2.6.11-rc1.
    4) The vulnerability has been fixed in version 2.6.11-rc3.
    Source : http://secunia.com/advisories/14295/
    -Simon \"SDK\"

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Some vulnerabilities have been reported in the Linux kernel. These can be exploited by malicious, local users to gain knowledge of potentially sensitive information or cause a DoS (Denial of Service), or by malicious people to cause a DoS or bypass certain security restrictions.
    Fud...................It's possible to do all this with a live distro and a finger on the power button.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    Fud...................It's possible to do all this with a live distro and a finger on the power button.
    Assuming you have physical access..just cuz your a local user != physical access
    That which does not kill me makes me stronger -- Friedrich Nietzche

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •