Debian 3.1: DSA 1097-1 Critical: Kernel Local And Remote Threats
debian
June 14, 2006
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code
Topics Covered
Summary
"Solar Designer" discovered that arithmetic computations in netfilter's
do_replace() function can lead to a buffer overflow and the execution of
arbitrary code. However, the operation requires CAP_NET_ADMIN privileges,
which is only an issue in virtualization systems or fine grained access
control systems.
CVE-2006-0039
"Solar Designer" discovered a race condition in netfilter's
do_add_counters() function, which allows information disclosure of
kernel memory by exploiting a race condition. Like CVE-2006-0038,
it requires CAP_NET_ADMIN privileges.
CVE-2006-0741
Intel EM64T systems were discovered to be susceptible to a local
DoS due to an endless recursive fault related to a bad ELF entry
address.
CVE-2006-0742
incorrectly declared die_if_kernel() function as "does never
return" which could be exploited by a local attacker resulting in
a kernel crash.
CVE-2006-1056
AMD64 machines (and other 7th and 8th generatio...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!