Security researchers are warning of potentially serious vulnerabilities in the Linux kernel that could allow malicious hackers to gain full super-user privileges.
The vulnerability affects the 2.6.x branch prior to version 2.6.3 and the Linux kernel memory management code.
Experts note that the latest bug is unrelated to a previous vulnerability in the same internal kernel function code.
Users are urged to update to version 2.6.3 at the Linux Kernel Archives.
According to an advisory issued by Secunia, a boundary error in the "ncp_lookup()" function causes the privilege escalation flaw.
"This can be exploited to cause a stack overflow and may allow execution of arbitrary code with escalated privileges," the Copenhagen-based research firm warned.
The bug could also be used for denial-of-service attacks on the available system memory. Linux distributors SuSE and Red Hat have issued updates to correct the flaw.
Secunia also issued a separate advisory for another hole in the Linux kernel, which can be exploited by malicious, local users to cause denial-of-service issues. The vulnerability was found in the Vicam USB driver and could be exploited to violate security boundaries in the kernel. Linux versions prior to 2.4.25 are affected.