Impact: Exposure of system information Exposure of sensitive information Privilege escalation DoS
O/S Linux Kernel 2.2.x Linux Kernel 2.4.x Linux Kernel 2.6.x
Description: Multiple vulnerabilities have been reported in the Linux kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose sensitive information, or gain escalated privileges on a vulnerable system.
1) A signedness error in the "poolsize_strategy()" function of the random poolsize sysctl handler (drivers/char/random.c) can potentially be exploited to cause a buffer overflow when copying data from user space into kernel space.
Successful exploitation may crash the system or allow execution of arbitrary code with escalated privileges. However, exploitation requires UID 0, but not any root capabilities.
The vulnerability has been reported in the 2.4 and 2.6 kernel branches.
2) Two signedness errors in the "sg_scsi_ioctl()" function in "drivers/block/scsi_ioctl.c" can be exploited to cause a buffer overflow or disclose large portions of kernel memory when copying data to and from user space.
Successful exploitation may disclose sensitive information, crash the system, or potentially allow execution of arbitrary code with escalated privileges.
The vulnerabilities have been reported in the 2.6 kernel branch.
3) Boundary errors in various functions of the MOXA serial driver (drivers/char/moxa.c) can be exploited to cause buffer overflows when copying data from user space into a kernel space buffer.
Successful exploitation may allow execution of arbitrary code with escalated privileges.
The vulnerabilities have been reported in the 2.2, 2.4, and 2.6 kernel branches.
4) An unprivileged process can reportedly bypass the RLIMIT_MEMLOCK soft resource limit and lock more memory than permitted via the "mlockall()" system call.
The vulnerability has been reported in versions 2.6.9 and 2.6.10.
Solution: Grant only trusted users access to affected systems.
Linux had more bugs the last couple of years than Windwos XP/2003. More bugs will be found as focus on it grows. Anyone that thinks that Linux isn't going to have the same issues that Windows has had, isn't thinking clearly.
Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators
Important Notices: By participating on this discussion
board, visitors agree to abide by the rules outlined on our Rules
page. Messages posted on the Democratic Underground Discussion Forums are the
opinions of the individuals who post them, and do not necessarily represent
the opinions of Democratic Underground, LLC.