
Debian 4.0 DSA-1436-1 Critical: Local Kernel Denial Of Service Exploit

debian
December 20, 2007
Local vulnerabilities in Debian's Linux kernel resolved to address DoS and arbitrary code execution threats. Update recommended.

Summary


LMH reported an issue in the minix filesystem that allows local users
with mount privileges to create a DoS (printk flood) by mounting a
specially crafted corrupt filesystem.

CVE-2007-5966

Warren Togami discovered an issue in the hrtimer subsystem that allows
a local user to cause a DoS (soft lockup) by requesting a timer sleep
for a long period of time leading to an integer overflow.

CVE-2007-6063

Venustech AD-LAB discovered a buffer overflow in the isdn ioctl
handling, exploitable by a local user.

CVE-2007-6206

Blake Frantz discovered that when a core file owned by a non-root user
exists, and a root-owned process dumps core over it, the core file
retains its original ownership. This could be used by a local user to
gain access to sensitive information.

CVE-2007-6417

Hugh Dickins discovered an issue in the tmpfs filesystem where, under
a rare circumstance, a kernel page may be improperly cleared, leaking
sensitiv...


Severity: critical
