Linux Kernel Security Update Fixes Multiple Denial of Service Vulnerabilities

VUPEN ID : VUPEN/ADV-2006-2451
CVE ID : CVE-2006-2445 - CVE-2006-2448 - CVE-2006-3085
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-06-20

Technical Description
Multiple vulnerabilities have been identified in the Linux kernel, which could be exploited by attackers or malicious users to cause a denial of service.
The first issue is due to a race condition in the "posix-cpu-timers.c" source file, which does not prevent another CPU from attaching the timer to an exiting process; attackers could exploit this to cause a denial of service.
The second flaw is due to errors in "powerpc/kernel/signal_32.c" and "powerpc/kernel/signal_32.c", which could allow userspace to provoke a machine check on 32-bit kernels.
The third vulnerability is due to an infinite loop in "netfilter/xt_sctp.c", which could be exploited by attackers to exhaust all available memory resources, creating a denial of service condition.