Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Important RH kernel security advisory

Published: 2006-05-26
Last Updated: 2006-05-26 18:57:22 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
Over at the NISCC they posted information about RHSA-2006:0493-6 Important: kernel security update.

The RH Advisory includes fixes for a number of issues in addition to the ones I copied next;

* a flaw in the SCTP-netfilter implementation that allowed a remote user to cause a denial of service (infinite loop) (CVE-2006-1527, important)

* a directory traversal vulnerability in smbfs that allowed a local user to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences (CVE-2006-1864, moderate)

* a flaw in the ECNE chunk handling of SCTP that allowed a remote user to cause a denial of service (panic) (CVE-2006-2271, moderate)

* a flaw in the handling of COOKIE_ECHO and HEARTBEAT control chunks of SCTP that allowed a remote user to cause a denial of service (panic) (CVE-2006-2272, moderate)

* a flaw in the handling of DATA fragments of SCTP that allowed a remote user to cause a denial of service (infinite recursion and crash) (CVE-2006-2274, moderate)
Keywords:
0 comment(s)
Diary Archives