'Critical' Linux kernel bugs discovered

Three bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers.

Matthew Broersma (Techworld.com)
15 February, 2008 08:28
Comments

Security researchers have uncovered "critical" security flaws in a version of the Linux kernel used by a large number of popular distributions.

The three bugs allow unauthorized users to read or write to kernel memory locations or to access certain resources in certain servers, according to a SecurityFocus advisory.

They could be exploited by malicious, local users to cause denial of service attacks, disclose potentially sensitive information or gain "root" privileges, according to security experts.

The bug affects all versions of the Linux kernel up to version 2.6.24.1, which contains a patch. Distributions such as Ubuntu, Turbolinux, SuSE, Red Hat, Mandriva, Debian and others are affected.

The problems are within three functions in the system call fs/splice.c, according to an advisory from Secunia.

"In the 2.6.23 kernel the system call functionality has been further extended resulting in... critical vulnerabilities," said iSEC Security Research in an advisory.

Secunia disagreed about the bugs' seriousness, giving them a less critical ranking.

Exploit code for the vulnerabilities has been released publicly on the hacker site milw0rm.com, and Core Security Technologies has also developed a commercial exploit for the bugs, researchers said.

Researchers advised system administrators to update their kernels immediately.

Last month, a US Department of Homeland Security (DHS) bug-fixing scheme uncovered an average of one security glitch per 1,000 lines of code in 180 widely used open source software projects.

Secunia also previously discovered that the number of security bugs in open source Red Hat Linux operating system and Firefox browsers, far outstripped comparable products from Microsoft last year.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: Debian, Isec, Linux, Mandriva, Microsoft, Red Hat, SecurityFocus, SuSE, TurboLinux, Ubuntu

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

A buyer’s guide to application lifecycle management (ALM) solutions

This buyer's guide describes the key criteria for application lifecycle management (ALM) solutions for today's high-performance teams. It includes key considerations for enhancing your single- or multi-vendor ALM environment.

Featured Download

Seamonkey

Seamonkey includes an Internet browser, email and newsgroup client with an included web feed reader, HTML editor, IRC chat and web development tools. SeaMonkey will ...

Zones

Most Popular Whitepapers

Process-Driven Master Data Management for Dummies

We wrote this book to introduce you to the subject of processdriven MDM. It’s a big topic, one that far outstrips the ability of a brief book to cover. However, our hope is that by reading this book you will gain a fundamental understanding of processdriven MDM, how it works, and what it takes to make it a success in your organisation.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management

Latest Jobs

CCSAP FICO ConsultantNT
FTSAP Basis ConsultantNSW
FTChange Management ProfessionalsNSW
FTTechnical Services Engineer - ShoreTel/MitelVIC
CCSAP PM ConsultantNSW
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
FTSenior Citrix EngineerNSW
FTProduct Manager Strategist - Enterprise ApplicationsNSW
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
FTSenior Citrix EngineerNSW
CCOBIEE ConsultantWA
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
CCSystem Engineer - Exchange - CONTRACTSWA
CCAvaya Engineer - ERS 8600 4.1NSW
FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW
FTSAP Basis ConsultantACT
FTQM Trainer and ConsultantNSW
CCSystem Engineer - Lync and Exchange - CONTRACTSWA
FTiPhone App DeveloperNSW
FTIT Service Desk EngineerNSW
FTiPhone App DeveloperNSW
FTiPhone App DeveloperNSW
FTIT Service Desk EngineerNSW
CCPC Relocation Technicians - Multiple Roles availableSA
FTiPhone Developer DeveloperNSW

Market Place

'Critical' Linux kernel bugs discovered

Comments

Post new comment

Which tablet should I buy? iPad 2 vs Sony Tablet S

Coalition NBN better or worse?

A comparison of Telstra's 4G phones

Which tablet should I buy? iPad 2 vs Sony Tablet S

Bredolab botnet author sentenced to 4 years in prison in Armenia

NBN ISS could pose capacity constraints

NBN service plans won't cost consumers more: Conroy

Microsoft at a loss over Event Viewer scam

Stallman: If you want freedom don't follow Linus Torvalds

Coalition NBN better or worse?

Conroy turns the attack to Hockey

A buyer’s guide to application lifecycle management (ALM) solutions

Securing SOA and Web Services with Oracle Enterprise Gateway

SOA Adoption for Dummies

Justifying Business Intelligence Applications

Seamonkey

Avaya Air Cover Zone

Application Lifecycle Management

HP Converged Storage Zone

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Process-Driven Master Data Management for Dummies

Business Intelligence Best Practices for Dashboard Design

Learning To Compete: IT’s Next Transformation

Seven Steps to Effective Data Governance

Guidance for Calculation of Efficiency (PUE) in Data Centers

Computerworld newsletter

Don't have an account?

'Critical' Linux kernel bugs discovered

Comments

Post new comment

Computerworld newsletter