 |  |  |  |  |  |  |  |
Linux Kernel 2.6.x vulnerabilities
According to postings at Kernel.org concerning a report by Vilmos Nebehaj which was consequently signed off by Linus Torvalds and Chris Wright, the Linux Kernel 2.6.x has multiple security vulnerabilities.
Well, to be precise, two vulnerabilities and what is described as a ‘weakness’ which are capable of being exploited by a malicious local user who could, under the right circumstances, reveal personal information as well as instigate a Denial of Service attack.
The three security flaws are as follows:
Well, to be precise, two vulnerabilities and what is described as a ‘weakness’ which are capable of being exploited by a malicious local user who could, under the right circumstances, reveal personal information as well as instigate a Denial of Service attack.
The three security flaws are as follows:
- A NULL-pointer dereference within netfilter when handling SCTP connections with unknown chunk types can be exploited to crash the kernel, hence the DoS attack vulnerability.
- The cpuset_task_read() function in /kernel/cpuset.c has an underflkow error which could potentially be exploited in order to read the kernel memory, hence the personal information disclosure vulnerability.
- A problem whereby the kernel itself mishandles seeds for random number generation, potentially weakening application security for those programs relying upon secure random number generation, which is described as a weakness although I am more inclined to lump it right into the whole vulnerability basket as it sure makes those applications so impacted rather vulnerable.
0
•
•
•
•
do you reackon 2.8 willl ever come out?
and what about all the "stable" distros using 2.4? will they get fixes backported?
and what about all the "stable" distros using 2.4? will they get fixes backported?
0
•
•
•
•
>do you reackon 2.8 willl ever come out?
It's going to be a while because of the bugs that they keep continually finding in the kernel. Not too long ago Linus Torvals is quoted saying that they might have to do a whole bug fixing release cycle because of the vulnerabilities that are creeping into the kernel. Once they iron out these creases, I'm sure the release of the 2.8 kernel won't be too far away.
It's going to be a while because of the bugs that they keep continually finding in the kernel. Not too long ago Linus Torvals is quoted saying that they might have to do a whole bug fixing release cycle because of the vulnerabilities that are creeping into the kernel. Once they iron out these creases, I'm sure the release of the 2.8 kernel won't be too far away.
Similar Threads
- How to better study Linux kernel? (Kernels and Modules)
- how to get the linux kernel version in cpp program (C++)
- linux FFS kernel support (Getting Started and Choosing a Distro)
- News Story: Linux kernel development process may be halted (Upcoming News Stories)
- 1000% Speed Increase Using Linux Kernel 2.6 (Kernels and Modules)
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Network Security Posts
- Today's Posts
- Unanswered Threads
advertising age amd apple avatar bluegene botnet browser business cellphone censorship china chips copyright crime data database development dos downloads economy email encryption energy enterprise europe facebook firefox gadget games gaming google government hacker hacking hardware ibm ibm.news intelibm internet iphone ipod itunes law legal linux mac malware marketing mcafee medicine memory microsoft mobile mozilla music news openoffice opensource os pc phishing piracy porn privacy ps3 recession redhat report research russia satnav search security sex socialnetworking software spam sun supercomputer supercomputing survey technology trends trojan twitter ubuntu uk video virus vista web windows windows7 working worm x86 xbox yahoo youtube
