[G3]-Technews
[G3]-TechNews : Home| RSS | Atom | MSN | WAP

 Stickies:
Article: Step-by-Step Guide: How to set up a VPN
Article: Download: Microsoft Monad (Beta)
Article: Building a 64-Bit Multimedia Workstation
Article: Coming Soon to Windows: The Microsoft Shell (MSH)
Article: How to Reset Win NT / 2000 / XP Administrator Password
Article: The Technology Behind Dual Core CPUs
Article: How-To: Wireless Network Security
Article: Article: PCI Express - technology backgrounder
Article: Tutorial: Access Hidden Files on Your iPod
Article: Troubleshooting drivers with XP's hidden Driver Verifier Manager
Article: How to Make a 5 in 1 Network Cable
Article: Comparison - Blu-ray & HD DVD
Article: Beginners Guides Linux : Part 1 | Part 2 | Part 3
Article: How To Crack WEP (Wired Equivalent Privacy)
Article: Email Addresses Spoofing.
Link: Free PHP ebook
Link: FREE ASP.NET books and eLearning course
Link: Free registration code for Opera 8.
Invitations: Gazzag (Here) | Yahoo! 360 (Here)  | Orkut (Here)

It Linux Turn Now ... Six Linux Kernel Vulnerabilities Announced
Contributed by: G3nu1n3, at 1/09/2005 10:52:00 AM.

Late yesterday is was announced to the Full Disclosure mailing list that 6 vulnerabilities in the Linux kernel have been discovered both in the older 2.4 kernel branch and the new 2.6 kernel branch.

The vulnerabilities range from Local privilege escalation to Denial of Service attacks against vulnerable releases of the kernel.

The first of the vulnerabilities posted affects both the 2.4 and the 2.6 kernel series an could allow a lower privilege user to escalate their access to that of root by way of a vulnerability within the uselib() functions provided by the kernel. The issue is present in releases of the 2.4 kernel up to 2.4.29–rc2 and in the 2.6 kernel up to 2.6.10. You can see more information about the vulnerability in the Full Disclosure posting by Paul Starzetz here it also includes PoC exploit code.

The next batch all come from Brad Spengler who is part of the grsecurity project. The first is an integer overflow in the random poolsize sysctl handler, and affects both the 2.4 and 2.6 series of Linux kernels. The next is only in the 2.6 kernel series and is an integer overflow and information leakage vulnerability in the scsi ioctl code of the kernel. Next we have a vulnerability that affects the 2.2, 2.4 and the 2.6 series kernels, which is a moxa serial driver bss overflow. The next one is in both the 2.4 and 2.6 series kernels and is an RLIMIT_MEMLOCK bypass vulnerability as a side issue this last issue is a Denial of Service vulnerability in the 2.6 series of kernels. As yet there are no main stream patches for the kernel from the Linux kernel developers.

Source: Link


Important:
To Read MOST UPDATED News Items browse to HOME page.

0 Comments:

Post a Comment

<< Home



[G3]-TechNews : Home| RSS | Atom | MSN | WAP


Archives :

- Monthly Archives :


- Post Count: 1,783 before June 1, 2005. (Since: October 26, 2004)