Article

Security holes in Linux kernel

SearchSecurity.com Staff

Attackers could exploit security holes in the Linux kernel to cause a denial of service, corrupt memory and launch malicious code. But users can update to a newer version in which the flaws are fixed.

Danish security firm Secunia described three "moderately critical" vulnerabilities in an advisory:

    Requires Free Membership to View

  • An error in ROSE due to missing verification of the ndigis argument of new routes;
  • A user with permission to access a SCSI tape device can send certain commands that could render the device unusable for other users; and
  • Unspecified glitches in the ISO9660 file system handler, including the Rock Ridge and Juliet extensions, could be exploited by a specially crafted file system to cause a denial of service or memory corruption, which could then allow the attacker to launch malicious code.
Related information

Time to turn Linux enthusiasts into evangelists

Mainstream means more malicious code for Linux

Secunia said these issues specifically affect Linux Kernel 2.6 and that the vulnerabilities are fixed in version 2.6.12-rc1.

More information is available at Kernel.org.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: