Linux Kernel Vulnerability, Ethereal Patches
Linux Kernel Vulnerability
Paul Starzetz (http://www.isec.pl) identified a new vulnerability in all current Linux kernels (2.2, 2.4 and 2.6). This vulnerability could allow unprivileged users to gain root access.
So far, we have not seen an exploit for this vulnerability.
New kernels were released today for all major Linux distributions.
Kernel upgrades can be tricky and require a reboot of your system. Test new kernels carefully before deploying them. While this vulnerability is not directly remotely exploitable, it is possible that other vulnerabilities (e.g. CGI scripts) will be used to gain access to a machine as a non-privileged user. This vulnerability will then allow such an intruder to escalate privileges and become root.
Vulnerable Kernels: 2.6.0, 2.4.23, 2.2.25 (and respective earlier versions)
Fixed Kernels: 2.4.24
http://isec.pl/vulnerabilities/isec-0012-mremap.txt
Please submit any additions or corrections using the contact form at
http://isc.sans.org/contact.html
-----------------
Johannes Ullrich, SANS Institute, jullrich_AT_sans.org
-----------------
Ethereal Patches
Debian has released Ethereal patches covering 5 issues:
Debian Security Advisory DSA 407-1
http://www.debian.org/security/
DSA-407-1 ethereal -- buffer overflows
http://www.debian.org/security/2004/dsa-407
Patrick Nolan