Security holes in Linux kernel

An attacker could exploit three vulnerabilities in the Linux kernel to cause a denial of service and launch malicious code.

Attackers could exploit security holes in the Linux kernel to cause a denial of service, corrupt memory and launch malicious code. But users can update to a newer version in which the flaws are fixed.

Danish security firm Secunia described three "moderately critical" vulnerabilities in an advisory:

  • An error in ROSE due to missing verification of the ndigis argument of new routes;
  • A user with permission to access a SCSI tape device can send certain commands that could render the device unusable for other users; and
  • Unspecified glitches in the ISO9660 file system handler, including the Rock Ridge and Juliet extensions, could be exploited by a specially crafted file system to cause a denial of service or memory corruption, which could then allow the attacker to launch malicious code.
Related information

Time to turn Linux enthusiasts into evangelists

Mainstream means more malicious code for Linux

Secunia said these issues specifically affect Linux Kernel 2.6 and that the vulnerabilities are fixed in version 2.6.12-rc1.

More information is available at Kernel.org.

Dig deeper on Alternative OS security: Mac, Linux, Unix, etc.

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close