Jun 9th, 2007, 7:14 am
According to postings at Kernel.org concerning a report by Vilmos Nebehaj which was consequently signed off by Linus Torvalds and Chris Wright, the Linux Kernel 2.6.x has multiple security vulnerabilities.
Well, to be precise, two vulnerabilities and what is described as a ‘weakness’ which are capable of being exploited by a malicious local user who could, under the right circumstances, reveal personal information as well as instigate a Denial of Service attack.
The three security flaws are as follows:
- A NULL-pointer dereference within netfilter when handling SCTP connections with unknown chunk types can be exploited to crash the kernel, hence the DoS attack vulnerability.
- The cpuset_task_read() function in /kernel/cpuset.c has an underflow error which could potentially be exploited in order to read the kernel memory, hence the personal information disclosure vulnerability.
- A problem whereby the kernel itself mishandles seeds for random number generation, potentially weakening application security for those programs relying upon secure random number generation, which is described as a weakness although I am more inclined to lump it right into the whole vulnerability basket as it sure makes those applications so impacted rather vulnerable.
This blog entry was written by Bill Andad, staff writer aka newsguy. It has received 3,667 views, 4 comments, and 35 linkbacks. 1 voter has rated this entry 5 out of 5 stars. It was promoted to featured status Jun 9th, 2007.
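An added illustration (not kernel source and not part of the original post) of the bug class in the second item: a read handler whose length clamp underflows when the offset is past the end of the buffer, shown beside a hardened clamp. The function names, the user-space setting and the sample buffer are assumptions; the post does not show where in cpuset_task_read() the underflow occurs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unsafe clamp (hypothetical): silently assumes pos <= bufsz. When pos is
 * past the end, bufsz - pos wraps around to a huge unsigned length. */
static size_t clamp_unsafe(size_t bufsz, size_t pos, size_t nbytes)
{
    if (pos + nbytes > bufsz)
        nbytes = bufsz - pos;          /* underflows when pos > bufsz */
    return nbytes;
}

/* Hardened clamp: reject offsets at or past the end before subtracting. */
static size_t clamp_safe(size_t bufsz, size_t pos, size_t nbytes)
{
    if (pos >= bufsz)
        return 0;
    if (nbytes > bufsz - pos)
        nbytes = bufsz - pos;
    return nbytes;
}

/* Read handler built on the hardened clamp; returns bytes copied. */
static size_t read_from_buffer(char *dst, size_t nbytes, size_t *pos,
                               const char *src, size_t bufsz)
{
    size_t n = clamp_safe(bufsz, *pos, nbytes);
    if (n == 0)
        return 0;                      /* never form src + pos out of range */
    memcpy(dst, src + *pos, n);
    *pos += n;
    return n;
}

int main(void)
{
    /* Constructed sample: a 16-byte buffer and a reader seeking to 32. */
    printf("unsafe length: %zu\n", clamp_unsafe(16, 32, 8));
    printf("safe length:   %zu\n", clamp_safe(16, 32, 8));
    return 0;
}
```

The unsafe clamp is only evaluated, never used for a copy, so the program shows the wrapped length without reading out of bounds.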
Comments (Newest First)
Marks256 | Junior Poster | Jun 16th, 2007
Well it is still more secure than Window$
John A | Vampirical Moderator | Jun 11th, 2007
>do you reckon 2.8 will ever come out?
It's going to be a while because of the bugs that they keep continually finding in the kernel. Not too long ago Linus Torvalds was quoted as saying that they might have to do a whole bug fixing release cycle because of the vulnerabilities that are creeping into the kernel. Once they iron out these creases, I'm sure the release of the 2.8 kernel won't be too far away.
Sturm | Veteran Poster | Jun 9th, 2007
Darn it, I'm using 2.6.21.3-2.
jbennet | Microsoft Fanboy | Jun 9th, 2007
do you reckon 2.8 will ever come out?
and what about all the "stable" distros using 2.4? will they get fixes backported?