Sign In »
Register Now!
Help
Quote
10 December 2009, 13:06
Linux kernel vulnerabilities closed Several Linux distributors are releasing updated kernel packages to close security holes in the kernel. For instance, very large packets can reportedly be used to remotely provoke a flaw in the TCP/IPv4 stack's ip_defrag() (net/ipv4/ip_fragment.c) function. This can potentially cause null-pointer dereferencing and crash a system.
Whether the flaw can also be exploited to execute code at kernel level by users that are logged into a system at restricted privilege level, which was the case with several previous null-pointer dereferencing bugs, is not mentioned in the distributors' and kernel developers' descriptions. The flaw was discovered in Linux kernel 2.6.32-rc8 and has been fixed in the final version.
Linux kernel vulnerabilities closed Several Linux distributors are releasing updated kernel packages to close security holes in the kernel. For instance, very large packets can reportedly be used to remotely provoke a flaw in the TCP/IPv4 stack's ip_defrag() (net/ipv4/ip_fragment.c) function. This can potentially cause null-pointer dereferencing and crash a system.
Whether the flaw can also be exploited to execute code at kernel level by users that are logged into a system at restricted privilege level, which was the case with several previous null-pointer dereferencing bugs, is not mentioned in the distributors' and kernel developers' descriptions. The flaw was discovered in Linux kernel 2.6.32-rc8 and has been fixed in the final version.
More details at Heise security - http://www.h-online....sed-882270.html
Back to top
MultiQuote