Linux Kernel Multiple Vulnerabilities
Release Date: 2005-03-29
Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Linux Kernel 2.4.x, Linux Kernel 2.6.x
Multiple vulnerabilities have been reported in the Linux kernel, which can be exploited to disclose information, cause a DoS (Denial of Service), gain escalated privileges, or potentially compromise a vulnerable system.
1) Some unspecified errors have been reported in the ISO9660 filesystem handler including Rock Ridge and Joliet extensions. These can be exploited via a specially crafted filesystem to cause a DoS or potentially corrupt memory leading to execution of arbitrary code.
2) A signedness error in the “bluez_sock_create()” function when creating Bluetooth sockets can potentially be exploited to gain root privileges on a vulnerable system.
3) An information leak exists in ext2 when creating new directories and may disclose kernel memory.
4) An error in load_elf_library can be exploited to cause a DoS.
Solution: Update to version 2.6.11.6.
http://kernel.org/
The vulnerabilities have also been fixed in version 2.4.30-rc2.
Full article: Secunia Advisory: SA14713
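
Item 2 names a signedness error in a socket-creation path. The following added example (not taken from the advisory or from the kernel source) shows the general shape of that bug class on a hypothetical protocol handler table: a signed index tested only against an upper bound, beside two corrected checks. All names here (`MAX_PROTO`, `proto_table`, the function names) are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_PROTO 8                      /* hypothetical table size */

typedef int (*create_fn)(void);

static int create_stub(void) { return 0; }

/* Hypothetical handler table: only slot 0 is registered. */
static create_fn proto_table[MAX_PROTO] = { create_stub };

/* Flawed check: proto is signed and only the upper bound is tested,
 * so every negative value is accepted as a table index. */
int accepts_upper_bound_only(int proto)
{
    return !(proto >= MAX_PROTO);
}

/* Corrected check 1: reject negative values explicitly. */
int accepts_range_checked(int proto)
{
    return proto >= 0 && proto < MAX_PROTO;
}

/* Corrected check 2: compare as unsigned, so a negative value becomes
 * a very large number and fails the single upper-bound test. */
int accepts_unsigned(int proto)
{
    return (unsigned int)proto < (unsigned int)MAX_PROTO;
}

/* Dispatcher using the corrected check.
 * Returns 0 on success, -1 for an invalid or unregistered protocol. */
int sock_create_checked(int proto)
{
    if (!accepts_range_checked(proto) || proto_table[proto] == NULL)
        return -1;
    return proto_table[proto]();
}

int main(void)
{
    int samples[] = { 0, 7, 8, -1, -4096 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("proto=%6d flawed=%d range=%d unsigned=%d\n", samples[i],
               accepts_upper_bound_only(samples[i]),
               accepts_range_checked(samples[i]),
               accepts_unsigned(samples[i]));
    return 0;
}
```

The flawed check never dereferences the table in this example; it only reports whether the index would have been accepted.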
