Debian DSA 332-1 Moderate: Local And Remote Kernel Threats
debian
June 28, 2003
This advisory provides corrected source code for Linux 2.4.17, andcorrected binary kernel images for the mips and mipsel architectures.Other versions and architectures will be cove...
Topics Covered
Summary
A number of vulnerabilities have been discovered in the Linux kernel.
- CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for
Linux kernels 2.4.18 and earlier on x86 systems allow local users to
kill arbitrary processes via a a binary compatibility interface
(lcall)
- CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device
drivers do not pad frames with null bytes, which allows remote
attackers to obtain information from previous packets or kernel
memory by using malformed packets
- CAN-2003-0127: The kernel module loader allows local users to gain
root privileges by using ptrace to attach to a child process that is
spawned by the kernel
- CAN-2003-0244: The route cache implementation in Linux 2.4, and the
Netfilter IP conntrack module, allows remote attackers to cause a
denial of service (CPU consumption) via packets with forged source
addresses that cause a large number of hash table collisions related
to the PREROUTING chain
- CAN-2003-0246: The iop...
PREVIOUS
NEXT
Package: kernel-source-2.4.17, kernel-patch-2.4.17-mips
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!