Debian DSA 336-1: Critical Denial Of Service Kernel Issues
debian
July 1, 2003
A number of vulnerabilities have been discovered in the Linux kernel.
Topics Covered
Summary
A number of vulnerabilities have been discovered in the Linux kernel.
- - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for
Linux kernels 2.4.18 and earlier on x86 systems allow local users to
kill arbitrary processes via a a binary compatibility interface
(lcall)
- - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device
drivers do not pad frames with null bytes, which allows remote
attackers to obtain information from previous packets or kernel
memory by using malformed packets
- - CAN-2003-0127: The kernel module loader allows local users to gain
root privileges by using ptrace to attach to a child process that is
spawned by the kernel
- - CAN-2003-0244: The route cache implementation in Linux 2.4, and the
Netfilter IP conntrack module, allows remote attackers to cause a
denial of service (CPU consumption) via packets with forged source
addresses that cause a large number of hash table collisions related
to the PREROUTING chain
- - CAN-2003-024...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: kernel-source-2.2.20, kernel-image-2.2.20-i386
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!