> Linux Reviews > News and headlines > 2004 News archive > July >

More Linux kernel flaws: Multiple DoS and permission vulnerabilities

xiando

Updated kernels are available for Gentoo and other systems and users are encouraged to upgrade.

A remote attacker can mount your file-systems and change files group IDs if you are using a vulnerable 2.4 Linux kernel.

A new flaw is also found in the 2.6 series allowing unauthorized modification of entries in /proc, and this is a major security risk.

A VServer Linux specific /proc related issue is also found along with a local DoS vulnerability and a floating point information leak on IA64 platforms.

Linux Kernel: Multiple DoS and permission vulnerabilities (gentoo.org)
Linux kernel has multiple flaws
[CAN-2004-0447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0447
[CAN-2004-0496 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0496
[CAN-2004-0497 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0497
[CAN-2004-0565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0565
VServer /proc Context Vulnerability

News and headlines

Flash Player 9 Update Release Candidate available
Adobe has released an updated release candidate of their proprietary software flash player. It has some new features such as support for H.264 video, but it really does not matter as the license remains totally unacceptable.
KDE 4.0 Alpha 2 Released
KDE Community are now immensely proud to have put the second Alpha version of what will probably be the worlds most popular desktop environment in a few years.
Mozilla Firefox 1.5.0.12 marks the ned of Firefox v1.5
Firefox 1.5.0.12 is now rolled out and it is the last security update which will be made for Firefox 1.5.x. Linux distributions will probably update their packages with security patches, but there will be no more official 1.5.x releases. Mozilla Corporation attitude is update to 2.x or switch browser.
SpamAssassin 3.2.1 and 3.1.9 released
These new versions fix a local user symlink-attack denial of service vulnerability which is possible under extremely rare configurations.
KDE 3.5.7 Released
The seventh maintenance release of KDE 3.5 supports 65 languages, adds a few new features to the KDE PIM package and has piles of bug-fixes.
ProFTPD: Local privilege escalation
Flaw in the ProFTPD mod_ctrls module in versions <1.3.1_rc1 allows an attacker to execute arbitrary code with the privileges of the FTP Daemon if the module is enabled. Also, versions prior to 1.3.0a allows remote attackers to execute code.
Linux.conf.au videos available
Tor 0.1.2.7-alpha is out
The Electronic Frontier Foundation (EFF) Europe Office Opens in Brussels
KDE 3.5 Released
French Government Lobbied to Ban Free Software
Opera users must upgrade to 8.51

Printer Friendly Version - .PDF - .PDF-Slide

Thank you for using LinuxReviews. Have a nice day!

More Linux kernel flaws: Multiple DoS and permission vulnerabilities

Resources

Wikis

Package Search