|
|
|
>> Linux Kernel Multiple Denial of Service and Privilege Escalation Issues
|
Multiple vulnerabilities were identified in Linux Kernel, which could be exploited by malicious users to cause a denial of service and potentially obtain elevated privileges.
The first issue is due to an error in "mm/mempolicy.c" when handling policy system calls, which could be exploited by local attackers to cause a denial of service via a "set_mempolicy" call with a 0 bitmask.
The second flaw is due to a one-byte buffer overrun error in "kernel/sysctl.c" when processing an overly long user-supplied string, which could be exploited by local attackers to potentially execute arbitrary commands.
The third vulnerability is due to an error in "net/ipv4/fib_frontend.c" when processing malformed "fib_lookup" netlink messages, which could cause illegal memory references.
The fourth issue is due to a buffer overflow error in the CA-driver for TwinHan DST Frontend/Card [drivers/media/dvb/bt8xx/dst_ca.c], which could be exploited by malicious users to cause a denial of service or potentially execute arbitrary commands.
Affected Products
Linux Kernel version 2.6.x
Solution
Upgrade to Linux Kernel version 2.6.15 :
http://www.kernel.org/
References
http://www.vupen.com/english/advisories/2006/0035
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15
Credits
Vulnerabilities reported by Doug Chapman, Perceval Anichini and Yi Yang
ChangeLog
2006-01-04 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
