News Stay informed about the latest enterprise technology news and product updates.

Security holes in Linux kernel

An attacker could exploit three vulnerabilities in the Linux kernel to cause a denial of service and launch malicious code.

Attackers could exploit security holes in the Linux kernel to cause a denial of service, corrupt memory and launch malicious code. But users can update to a newer version in which the flaws are fixed.

Danish security firm Secunia described three "moderately critical" vulnerabilities in an advisory:

  • An error in ROSE due to missing verification of the ndigis argument of new routes;
  • A user with permission to access a SCSI tape device can send certain commands that could render the device unusable for other users; and
  • Unspecified glitches in the ISO9660 file system handler, including the Rock Ridge and Juliet extensions, could be exploited by a specially crafted file system to cause a denial of service or memory corruption, which could then allow the attacker to launch malicious code.
Related information

Time to turn Linux enthusiasts into evangelists

Mainstream means more malicious code for Linux

Secunia said these issues specifically affect Linux Kernel 2.6 and that the vulnerabilities are fixed in version 2.6.12-rc1.

More information is available at

Dig Deeper on Alternative operating system security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.