Peaches Posted December 11, 2009 Report Share Posted December 11, 2009 10 December 2009, 13:06Linux kernel vulnerabilities closed Several Linux distributors are releasing updated kernel packages to close security holes in the kernel. For instance, very large packets can reportedly be used to remotely provoke a flaw in the TCP/IPv4 stack's ip_defrag() (net/ipv4/ip_fragment.c) function. This can potentially cause null-pointer dereferencing and crash a system. Whether the flaw can also be exploited to execute code at kernel level by users that are logged into a system at restricted privilege level, which was the case with several previous null-pointer dereferencing bugs, is not mentioned in the distributors' and kernel developers' descriptions. The flaw was discovered in Linux kernel 2.6.32-rc8 and has been fixed in the final version. More details at Heise security - http://www.h-online.com/security/news/item/Linux-kernel-vulnerabilities-closed-882270.html Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.