
Debian 3.1 DSA-1103-1 Critical: Kernel Denial Of Service Threats

June 27, 2006
Delve into the most recent security bulletin from Debian regarding kernel updates that tackle various local and remote vulnerabilities impacting users.
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

Summary


Franz Filz discovered that some socket calls can cause inconsistent
reference counts on loadable modules, which allows local users to cause
a denial of service.

CVE-2006-0038

"Solar Designer" discovered that arithmetic computations in netfilter's
do_replace() function can lead to a buffer overflow and the execution of
arbitrary code. However, the operation requires CAP_NET_ADMIN privileges,
so it is only an issue in virtualization systems or fine-grained access
control systems.

CVE-2006-0039

"Solar Designer" discovered a race condition in netfilter's
do_add_counters() function that allows disclosure of kernel memory.
Likewise, it requires CAP_NET_ADMIN privileges.

CVE-2006-0456

David Howells discovered that the s390 assembly version of the
strnlen_user() function incorrectly returns some string size values.

CVE-2006-0554

It was discovered that the ftruncate() f...
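
The class of arithmetic error described for do_replace() under CVE-2006-0038, as an added C example that is not the kernel's code and not part of the advisory: a simplified model in which a byte size derived from a caller-supplied count wraps in 32-bit arithmetic, next to a version that rejects the request before any allocation. The structures, field names and function names are hypothetical, and the fixed 32-bit width is an assumption chosen so the wrap is reproducible on any host.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a per-rule counter record (16 bytes). */
struct counter { uint64_t pcnt, bcnt; };

/* Hypothetical caller-supplied request header; not the kernel's structure. */
struct replace_req {
    uint32_t size;          /* bytes of rule data that follow */
    uint32_t num_counters;  /* counter records the caller asks for */
};

/* Unchecked: the product is truncated to 32 bits, as with a 32-bit size_t. */
static uint32_t counters_bytes_unchecked(const struct replace_req *r)
{
    return (uint32_t)sizeof(struct counter) * r->num_counters;
}

/* Checked: reject a count whose byte size cannot be represented, and a
 * total (rule data + counters) that would wrap. 0 = accept, -1 = reject. */
static int total_bytes_checked(const struct replace_req *r, uint32_t *total)
{
    uint32_t csize;

    if (r->num_counters > UINT32_MAX / sizeof(struct counter))
        return -1;                       /* multiplication would wrap */
    csize = (uint32_t)sizeof(struct counter) * r->num_counters;
    if (r->size > UINT32_MAX - csize)
        return -1;                       /* addition would wrap */
    *total = r->size + csize;
    return 0;
}

int main(void)
{
    /* Constructed inputs: one ordinary request, one with a wrapping count. */
    struct replace_req ok  = { 4096, 16 };
    struct replace_req bad = { 4096, 0x10000001u };
    uint32_t total = 0;

    printf("unchecked bytes for wrapping count: %u\n",
           (unsigned)counters_bytes_unchecked(&bad));
    printf("checked, ordinary request: %d\n", total_bytes_checked(&ok, &total));
    printf("checked, wrapping count:   %d\n", total_bytes_checked(&bad, &total));
    return 0;
}
```

The unchecked size for the wrapping count comes out far smaller than the number of records requested, which is the mismatch that lets later writes run past the buffer.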


Severity
critical
