Gentoo has fixed a vulnerability in the 2.6 Linux kernel that could be exploited for a remote denial-of-service attack. The company calls this a "high-impact" flaw and recommends users update to newer versions of the kernel.

The advisory said the security hole can be exploited by a malformed TCP packet with a header length longer than 127 bytes. "By sending one malformed packet, the kernel could get stuck in a loop, consuming all of the CPU resources and rendering the machine useless, causing a denial of service," the advisory said. "This vulnerability requires no local access."

Asked if an exploit of the flaw would put data at risk, Gentoo Linux X86 Core and Kernel Team member Tim Yamin said in an e-mail, "No data would be lost as such. But if fresh data is in the kernel's buffers and not yet written to disk[s] it may be lost if the kernel does not come out of the infinite loop."

The link for this article located at techtarget.com is no longer available.